3,543 results


Article (peer-reviewed)

Ping Wang, Sherri Sparks, Cliff C. Zou

A "botnet" consists of a network of compromised computers controlled by an attacker ("botmaster"). Recently, botnets have become the root cause of many Internet ... study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be developed by botmasters in ... design of an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and ... connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and ...

Topic(s): Peer-to-Peer Network Technologies

2009 - IEEE Computer Society | IEEE Transactions on Dependable and Secure Computing

Article

Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, Ivan Osipkov

In this paper, we focus on characterizing spamming botnets by leveraging both spam payload and spam server ... spam signature generation framework called AutoRE to detect botnet-based spam emails and botnet membership. AutoRE does not require pre-classified training ... high quality regular expression signatures that can detect botnet spam with a low false positive rate. Using ... emails from Hotmail, AutoRE successfully identified 7,721 botnet-based spam campaigns together with 340,050 unique botnet host IP addresses. Our in-depth analysis of ...

Topic(s): Spam and Phishing Detection

2008 - Association for Computing Machinery | ACM SIGCOMM Computer Communication Review

Article

Claire Elliott

... [Figure: Russian advertisement offering botnet services] The purpose of this article is to examine to what extent botnets pose a threat to information security. In Chapter ... title are defined, and a comprehensive overview of botnets is provided in order to equip the reader ... for the remaining chapters. The motives for using botnets and the methods in which they are used are outlined. The methods of botnet attack are then analysed in terms of their ... information security and a conclusion is drawn that botnets are indeed a threat to information security in ...

Topic(s): Information and Cyber Security

2010 - Elsevier BV | Information Security Technical Report

Article (peer-reviewed)

Lipeng Song, Zhen Jin, Gui‐Quan Sun

The dynamics of interacting botnets and the effects of the strategies selected by interacting botnet owners on the spread of botnets remain unclear. As a result, in this paper, we present a botnet interaction model, obtained by coupling a fast evolutionary ... a slow population dynamics model, in which two botnet types are considered. We analyze the fast evolutionary ... to study the effects of strategies selected by botnet owners. Analysis of the models shows that when ... owners adopt the cooperative strategy both types of botnets can survive with much lower contact rates. However, ...

Topic(s): Complex Network Analysis Techniques

2010 - Elsevier BV | Physica A Statistical Mechanics and its Applications

Article (open access, peer-reviewed)

Ping Wang, Lei Wu, Ryan Cunningham, Cliff C. Zou

Botnets have become one of the major attacks in the internet today due to their illicit profitable ... honeypots set up by security defenders can attract botnet compromises and become spies in exposing botnet membership and botnet attacker behaviours, they are widely used by security defenders in botnet defence. Therefore, attackers constructing and maintaining botnets will be forced to find ways to avoid ... this constraint. Attackers could detect honeypots in their botnets by checking whether compromised machines in a botnet ...

Topic(s): Advanced Malware Detection Techniques

2010 - Inderscience Publishers | International Journal of Information and Computer Security

Book chapter (peer-reviewed)

Alain Bensoussan, Murat Kantarcıoğlu, SingRu Hoe

Botnets are networks of computers infected with malicious programs that allow cybercriminals/botnet herders to control the infected machines remotely without the user's knowledge. In many cases, botnet herders are motivated by economic incentives and try to significantly profit from illegal botnet activity while causing significant economic damage to society. To analyze the economic aspects of botnet activity and suggest feasible defensive strategies, we provide ... theoretical framework that models the interaction between the botnet herder and the defender group (network/computer users). ...

Topic(s): Complex Network Analysis Techniques

2010 - Springer Science+Business Media | Lecture notes in computer science

Article

Kim‐Kwang Raymond Choo

... vulnerable computers and form virtual networks of zombies - botnets. Botnets can be leveraged to orchestrate concerted attacks against ... paper examines the activities and consequences associated with botnets and provides examples of existing incidents so that ... attack tools or to form part of a botnet under the control of the botnet controller as illustrated by Figure 1 . Among the three botnet communication typologies identified by Cooke, Jahanian & McPherson (2005) - ... are often deployed on C&C servers by botnet controllers to prevent unauthorised third party access. Once ...

Topic(s): Spam and Phishing Detection

2007 - | Trends and issues in crime and criminal justice

Book chapter (open access, peer-reviewed)

Guanhua Yan, Songqing Chen, Stephan Eidenbenz

As evidenced by the recent botnet turf war between SpyEye and Zeus, the cyber space has been witnessing an increasing number of battles or wars involving botnets among different groups, organizations, or even countries. One ... of the enemy. Particularly, each party in a botnet war would be interested in knowing how many ... adopted is to infiltrate into an adversary’s botnet and enumerate observed bots through active crawling or ... this work, we study potential tactics that a botnet can deploy to protect itself from being enumerated. ...

Topic(s): Internet Traffic Analysis and Secure E-voting

2011 - Springer Science+Business Media | Lecture notes in computer science

Article (peer-reviewed)

Hyun-Sang Choi, Heejo Lee

Botnets have become the main vehicle to conduct online crimes such as DDoS, spam, phishing and identity ... numerous efforts have been directed towards detection of botnets, evolving evasion techniques easily thwart detection. Moreover, existing ... we propose a light-weight mechanism to detect botnets using their fundamental characteristics, i.e., group activity. The proposed mechanism, referred to as BotGAD (botnet group activity detector) needs a small amount of data from DNS traffic to detect botnet, not all network traffic content or known signatures. ...

Topic(s): Spam and Phishing Detection

2011 - Elsevier BV | Computer Networks

Book chapter (open access, peer-reviewed)

Jingyu Hua, Kouichi Sakurai

... can those infected phones be organized to a botnet? In this paper, we present a design of such a botnet using Short Message Service (SMS) as its Command ... medium. We cover all the aspects of the botnet design including the stealthiness protection, the topology selecting and the botnet maintaining. Our simulations show that in our proposed SMS-based botnet a newly issued C&C message can be ... no more than four SMS messages and the botnet is robust to both random and selective node failures. Thereby, we demonstrate that the proposed mobile botnet is indeed a serious threat on the security ...

Topic(s): Internet Traffic Analysis and Secure E-voting

2011 - Springer Science+Business Media | Lecture notes in computer science

Article (peer-reviewed)

Ok‐Ran Jeong, Chulyun Kim, Won Bae Kim, Jungmin So

Purpose A botnet is a network of computers on the internet infected with software robots (or bots). There are numerous botnets, and some of them control millions of computers. Cyber criminals use botnets to launch spam e‐mails and denial of ... commit click fraud and data theft. Governments use botnets for political purposes or to wage cyber warfare. ... purpose of this paper is to review the botnet threats and the responses to the botnet threats. Design/methodology/approach The paper describes how botnets are created and operated. Then, the paper discusses ...

Topic(s): Advanced Malware Detection Techniques

2011 - Emerald Publishing Limited | International Journal of Web Information Systems

Article

Guining Geng, Guoai Xu, Miao Zhang, Yanhui Guo, Guang Yang, Cui Wei

Botnets have become one of the most serious security threats to the traditional Internet world. Although the mobile botnets have not yet caused major outbreaks worldwide in cellular network, but most of the traditional botnet experience can be transferred to mobile botnet on mobile devices, so mobile botnet may evolve faster since techniques are already explored. ... security companies, we can see that the mobile botnet attacks and trends are quite real. In this paper, we proposed a SMS based heterogeneous mobile botnet, and shown how SMS based C&C channel ...

Topic(s): Mobile Ad Hoc Networks

2012 - Academy Publisher | Journal of Computers

Article (open access, peer-reviewed)

Guanhua Yan

... evade detection of ever-improving defense techniques, modern botnet masters are constantly looking for new communication platforms ... these networks can naturally be exploited for spreading botnet C&C information, and the enormous amount of ... makes it a daunting task to tease out botnet C&C messages. Against this backdrop, we explore ... theoretic techniques that aid effective monitoring of potential botnet activities in large open online social networks. Our ... that can be leveraged for improving efficiency of botnet monitoring. Our analysis reveals that the static Twitter ...

Topic(s): Complex Network Analysis Techniques

2012 - Elsevier BV | Computer Networks

Article (open access, peer-reviewed)

Jian Jiang, Jianwei Zhuge, Haixin Duan, Jian Wu

... aspects, introduces the development of botnet working mechanisms in recent years; then summarizes and analyzes research on botnet defense across five stages (monitoring, working-mechanism analysis, feature analysis, detection, and active containment); and discusses the limitations of current defense methods, the development trends of botnets, and directions for further research. Botnets are one of the most serious threats to ... plenty of research and made significant progress. However, botnets keep evolving and have become more and more ... system and Internet architecture, and the complexity of botnet itself, how to effectively counter the global threat of botnets is still a very challenging issue. This paper first introduces the evolving of botnet's propagation, attack, command, and control mechanisms. Then ...

Topic(s): Network Security and Intrusion Detection

2012 - Science Press | Journal of Software

Book chapter (open access, peer-reviewed)

J Villanueva Felix, Charles L. Joseph, Ali A. Ghorbani

Botnet is becoming the biggest threat to the integrity of Internet and its resources. The advent of P2P botnets has made detection and prevention of botnets very difficult. In this paper, we propose a set of metrics for efficient botnet detection. The proposed metrics captures the unique group ... Our premise for proposing group behavior metrics for botnet detection is that, group behavior observed in botnets are unique and this unique group behavior property is inherent in the botnet architecture. The proposed group behavior metrics uses three ...

Topic(s): Complex Network Analysis Techniques

2012 - Springer Science+Business Media | Lecture notes in computer science

Article (peer-reviewed)

Padmini Jaikumar, Avinash C. Kak

... based approach for the detection and isolation of botnets in a computer network. Our approach depends primarily ... computers in a network and is independent of botnet architectures and the means used for their command ... control. As practically all aspects of how a botnet manifests itself in a network—such as the ... graph‐partitioning algorithms to separate out the different botnets when a network is infected with multiple botnets at the same time. We have validated our ... by applying it to the isolation of simulated botnets, with the simulations based on a new unified ...

Topic(s): Advanced Malware Detection Techniques

2012 - Hindawi Publishing Corporation | Security and Communication Networks

Article (open access, peer-reviewed)

Pedro Correia, Eduardo Rocha, António Nogueira, Paulo Salvador

Botnets are used for various purposes, most of them related to illegitimate activity, being also the sources ... Due to their volume, diverse capabilities and robustness, botnets pose a significant and growing threat to enterprise networks and to the Internet itself. Detecting botnets is a hard task and traditional network security ... are unable to successfully complete it. In fact, botnets are evolving and can be quite flexible: the ... to-Peer (P2P) communication paradigm. So, new generation botnet detection systems should be independent of the C& ...

Topic(s): Advanced Malware Detection Techniques

2012 - Elsevier BV | Procedia Technology

Article (peer-reviewed)

Masood Khosroshahy, Mustafa Ali, Dongyu Qiu

Botnets, overlay networks built by cyber criminals from numerous compromised network-accessible devices, have become a pressing ... responding to a growing threat of an emerging botnet. In this paper, we introduce the Susceptible-Infected-Connected (SIC) botnet model. Prior botnet models are largely the same as the models ... hence being applicable to a larger set of botnets; and (2) being a Continuous-Time Markov Chain- ... two key analyses: (1) estimation of the global botnet size during its initial appearance based on local ...

Topic(s): Spam and Phishing Detection

2012 - Elsevier BV | Computer Networks

Article

Ahmad Karim, Rosli Salleh, Muhammad Shiraz, Syed Adeel Ali Shah, Irfan Awan, Nor Badrul Anuar

... a number of security issues. For instance, the botnet phenomenon is a prominent threat to Internet security, including the threat of malicious codes. The botnet phenomenon supports a wide range of criminal activities, ... and develop a robust mechanism for improving the botnet detection, analysis, and removal process. Currently, botnet detection techniques have been reviewed in different ways; ... in scope and lack discussions on the latest botnet detection techniques. This paper presents a comprehensive review ...

Topic(s): Advanced Malware Detection Techniques

2014 - Zhejiang University Press | Journal of Zhejiang University SCIENCE C

Article (peer-reviewed)

Aditya Sood, Sherali Zeadally, Richard Enbody

Cyber criminals are covertly attacking critical infrastructures, and botnets are a common component of those attacks. In recent years, botnets have been shifting their focus from broad-based ... of the most widely deployed HTTP-based financial botnets (such as Zeus, SpyEye, ICE 1X, Citadel, Carberp, ... provides critical insights into the design of these botnets and should help the security community to generate ... solutions to defend against cyber attacks by these botnets. In addition, our comparative analysis of insidious techniques ...

Topic(s): Advanced Malware Detection Techniques

2014 - IEEE Computer Society | IEEE Transactions on Dependable and Secure Computing

Article (peer-reviewed)

Somayeh Soltani, Seyed Amin Hosseini Seno, Maryam Nezhadkamali, Rahmat Budiarto

Mitigating the destructive effect of botnets is a concern of security scholars. Though various mechanisms are proposed for botnets detection, real world botnets still survive and do their harmful operations. Botnets have developed new evasion techniques and covert communication channels. Knowing the characteristics of real world botnets helps security researchers in developing more robust detection ... are some surveys in the literature that study botnet detection methods; however they do not advert to ...

Topic(s): Advanced Malware Detection Techniques

2014 - Institute of Advanced Engineering and Science (IAES) | International Journal of Information and Network Security (IJINS)

Article

Janine S. Hiller

TABLE OF CONTENTS INTRODUCTION I. BOTNETS AND TAKEDOWN APPROACHES A. Definitions and Threats B. The Conficker Working Group C. The FBI and DoJ II. THE FIRST MICROSOFT ... court actions to dismantle criminal networks known as botnets. This article brings focus to the role of ... connected, controlled computers just described is called a botnet. Botnets are the plague of the Internet. (2) Effective disarmament of growing numbers of global botnets is a difficult challenge; while technical solutions are ... important to control their spread. In addition, because botnets operate across national boundaries, disabling them can involve ...

Topic(s): Cybersecurity and Cyber Warfare Studies

2014 - Routledge | Santa Clara computer and high-technology law journal

Article (peer-reviewed)

Zach Lerner

Table of Contents I. RECOGNIZING THE GROWING BOTNET THREAT AND INDUSTRY A. Defining Botnet B. The Growing Problem II. IDENTIFYING THE CURRENT METHODS OF BOTNET ENFORCEMENT A. Mitigating a Botnet B. The Citadel Botnet III. THE LEGITIMACY OF PUBLIC-PRIVATE PARTNERSHIPS IN MITIGATING BOTNETS A. Evaluating Legitimacy B. Baldwin and Cave Factors ... 5. Efficiency IV. CONCLUSION I. RECOGNIZING THE GROWING BOTNET THREAT AND INDUSTRY A. Defining Botnet A botnet is a network of computers coordinated ...

Topic(s): Network Security and Intrusion Detection

2014 - The MIT Press | Harvard journal of law & technology

Article (peer-reviewed)

Chia-Mei Chen, Hsiao-Chung Lin

Botnets can cause significant security threat and huge loss to organizations, and are difficult to discover their ... threats on the Internet. The core component of botnets is their command and control channel. Botnets often use IRC (Internet Relay Chat) as a ... more infections. In this paper, anomaly score based botnet detection is proposed to identify the botnet activities by using the similarity measurement and the periodic characteristics of botnets. To improve the detection rate, the proposed system ...

Topic(s): Advanced Malware Detection Techniques

2014 - Elsevier BV | Journal of Information Security and Applications

Book chapter

Heli Tiirmaa-Klaar, Jan Gassen, Elmar Gerhards‐Padilla, Peter Martini

... 10 billion every year. This particularly applies for botnets, which are a special kind of malware. In contrast to other kinds of malware, botnets utilize a hidden communication channel to receive commands ... almost arbitrary commands on the infected machines makes botnets a general-purpose tool to perform malicious cyber-activities. In this context, botnets are used for example by individual perpetrators, organized ... This chapter gives a technical insight into current botnet techniques and discusses state of the art countermeasures ...

Topic(s): Smart Grid Security and Resilience

2013 - Springer International Publishing | SpringerBriefs in cybersecurity

Review (peer-reviewed)

Rafael A. Rodríguez‐Gómez, Gabriel Macía-Fernández, Pedro García-Teodoro

Of all current threats to cybersecurity, botnets are at the top of the list. In consequence, interest in this problem is increasing rapidly among the research community and the ... recent years. This article proposes a taxonomy of botnet research and presents a survey of the field ... remain to be filled in our defenses against botnets. The taxonomy is based upon the botnet's life-cycle, defined as the sequence of stages a botnet needs to pass through in order to reach ... approach allows us to consider the problem of botnets from a global perspective, which constitutes a key ...

Topic(s): Internet Traffic Analysis and Secure E-voting

2013 - Association for Computing Machinery | ACM Computing Surveys

Book chapter

Ping Wang, Lei Wu, Baber Aslam, Cliff C. Zou

A "botnet" is a network of computers that are compromised and controlled by an attacker (botmaster). Botnets are one of the most serious threats to today's Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Due to the distributive nature of P2P networks, P2P botnets are more resilient to defense countermeasures. In this chapter, first we systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction, ...

Topic(s): Internet Traffic Analysis and Secure E-voting

2015 - Springer Nature | Intelligent systems reference library

Article (open access, peer-reviewed)

Yacin Nadji, Roberto Perdisci, Manos Antonakakis

Devices infected with malicious software typically form botnet armies under the influence of one or more command and control (C&C) servers. The botnet problem reached such levels where federal law enforcement ... have to step in and take actions against botnets by disrupting (or “taking down”) their C&Cs, ... companies have started to independently take action against botnet armies, primarily focusing on their DNS-based C& ... knowledge available around the malware that facilitates the botnet. With this paper, we aim to bring order, ...

Topic(s): Internet Traffic Analysis and Secure E-voting

2015 - IEEE Computer Society | IEEE Transactions on Dependable and Secure Computing