Compromised hosts are a cause for concern for many end users and network operators. For example, after being infected by botnet programs or other malicious software, a compromised host may be controlled remotely and/or instructed to perform malicious activities. Exemplary malicious activities may include flooding a network or node with numerous packets, intercepting or redirecting traffic, wasting network resources, or other unwanted activities.
Some compromised hosts may attempt to communicate with a command server to receive instructions for performing malicious activities. Network operators try to identify compromised hosts and their command servers to thwart malicious effects associated with the compromised hosts. However, since current malicious software has made significant strides in camouflaging or obfuscating compromised hosts and/or command servers, many network operators are incapable of quickly and efficiently detecting compromised hosts and/or mitigating their malicious activities.
Accordingly, there exists a need for improved methods, systems, and computer readable media for detecting a compromised computing host.