botnet

A multifaceted approach to understanding the botnet phenomenon

ABSTRACT While it is generally accepted that botnets are used as distributed computing platforms for malicious activity, very little is known about their behavior. To date, questions that range from assessing the prevalence of botnet activity on the Internet to understating 

BotSniffer: Detecting botnet command and control channels in network traffic

ABSTRACT Botnets are now recognized as one of the most serious security threats. In contrast to previous malware, botnets have the characteristic of a command and control channel. Botnets also often use existing common protocols, e.g., IRC, HTTP, and in 

Wide-scale botnet detection and characterization

ABSTRACT Malicious botnets are networks of compromised computers that are controlled remotely to perform large-scale distributed denial-of-service (DDoS) attacks, send spam, trojan and phishing emails, distribute pirated media or conduct other usually illegitimate 

Modeling botnet propagation using time zones

ABSTRACT Time zones play an important and unexplored role in malware epidemics. To understand how time and location affect malware spread dynamics, we studied botnets, or large coordinated collections of victim machines (zombies) controlled by attackers. Over a 

Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks

Denial-of-Service (DoS) attacks pose a significant threat to the Internet today especially if they are distributed, i.e., launched simultaneously at a large number of systems. Reactive techniques that try to detect such an attack and throttle down malicious traffic prevail today 

My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging

ABSTRACT As if fueled by its own fire, curiosity and speculation regarding botnet sizes abounds. Among researchers, in the press, and in the classroom - the questions regarding the widespread effect of botnets seem never-ending: what are they? how many are there? 

Botnet detection based on network behavior

Current techniques for detecting botnets examine traffic content for IRC commands, monitor DNS for strange usage, or set up honeynets to capture live bots. Our botnet detection approach is to examine flow characteristics such as bandwidth, packet timing, and burst 

Characterizing the IRC-based botnet phenomenon

ABSTRACT Botnets, networks of compromised machines that can be remotely controlled by an attacker, are one of the most common attack platforms nowadays. They can, for example, be used to launch distributed denial-of-service (DDoS) attacks, steal sensitive information, or 

Botnet detection and response

 Botnet Detection and Response The Network is the Infection Bot Detection What’s the Difference? Why track both bots and botnets? 

Bots & botnet: An overview

ABSTRACT Using thousands of zombie machines to launch distributed denial of service attacks against enterprise and government internet resources by attackers is becoming a dangerously common trend. To create this army of zombie internet hosts, attackers typically infect 

Antisocial networks: Turning a social network into a botnet

Antisocial Networks are distributed systems based on social networking Web sites that can be exploited by attackers, and directed to carry out network attacks. Malicious users are able to take control of the visitors of social sites by remotely manipulating their browsers 

Not-a-bot: Improving service availability in the face of botnet attacks

ABSTRACT A large fraction of email spam, distributed denial-of-service (DDoS) attacks, and click-fraud on web advertisements are caused by traffic sent from compromised machines that form botnets. This paper posits that by identifying human-generated traffic as such, one 

Automatically generating models for botnet detection

ABSTRACT A botnet is a network of compromised hosts that is under the control of a single, malicious entity, often called the botmaster. We present a system that aims to detect bots, independent of any prior information about the command and control channels or 

Botnet judo: Fighting spam with itself

ABSTRACT We have traditionally viewed spam from the receiver’s point of view: mail servers assaulted by a barrage of spam from which we must pick out a handful of legitimate messages. In this paper we describe a system for better filtering spam by exploiting the 

Insights from the inside: A view of botnet management from infiltration

ABSTRACT Recent work has leveraged botnet infiltration techniques to track the activities of bots over time, particularly with regard to spam campaigns. Building on our previous success in reverse-engineering C&C protocols, we have conducted a 4-month infiltration of 

Evaluating bluetooth as a medium for botnet command and control

Malware targeting mobile phones is being studied with increasing interest by the research community. While such attention has previously focused on viruses and worms, many of which use near-field communications in order to propagate, none have investigated 

Honeynet-based botnet scan traffic analysis

With the increasing importance of Internet in everyone’s daily life, Internet security poses a serious problem. Nowadays, botnets are the major tool to launch Internet-scale attacks. A botnet is a network of compromised machines that is remotely controlled by an attacker. 

Botnet economics: uncertainty matters

Botnets have become an increasing security concern in today’s Internet. Thus far the mitigation to botnet attacks is a never ending arms race focusing on technical approaches. In this chapter, we model botnet-related cybercrimes as a result of profit-maximizing decision 

Botnet communication topologies

A clear distinction between a bot agent and a common piece of malware lies within a bot’s ability to communicate with a command-and-control (C&C) infrastructure. C&C allows a bot agent to receive new instructions and malicious capabilities, as dictated by a remote 

Exploiting temporal persistence to detect covert botnet channels

ABSTRACT We describe a method to detect botnet command and control traffic and individual end-hosts. We introduce the notion of destination traffic atoms which aggregate the destinations and services that are communicated with. We then compute the persistence, 

Attack of the 50 foot botnet

ABSTRACT The trend toward smaller botnets may be more dangerous in terms of large-scale attacks like distributed denials of service. We examine the possibility of super-botnets, networks of independent botnets that can be coordinated for attacks of unprecedented 

The real face of Koobface: The largest web 2.0 botnet explained

Nothing encapsulates the Web 2.0 concept more than social networking sites, which provide users the ability to connect, communicate, and share with others. Social networking sites also serve as a platform for the advertising industry. They allow businesses to become 

An analysis of the iKee.B iPhone botnet

We present an analysis of the iKee.B (duh) Apple iPhone bot client, captured on November purpose of coordinating its infected iPhones via a Lithuanian botnet server. This report 

Honeypot detection in advanced botnet attacks

Botnets have become one of the major attacks in the internet today due to their illicit profitable financial gain. Meanwhile, honeypots have been successfully deployed in many computer security defence systems. Since honeypots set up by security defenders can 

Social network-based botnet command-and-control: emerging threats and countermeasures

Botnets have become a major threat in cyberspace. In order to effectively combat botnets, we need to understand a botnet’s Command-and-Control (C&C), which is challenging because C&C strategies and methods evolve rapidly. Very recently, botmasters have 

A model for covert botnet communication in a private subnet

Recently, botnets utilizing peer-to-peer style communication infrastructures have been discovered, requiring new approaches to detection and monitoring techniques. Current detection methods analyze network communication patterns, identifying systems that may 

Botnet tracking: Tools, techniques, and lessons learned

Summary The threat posed by botnets has become increasingly high profile in the past several years, most recently at the World Economic Forum in Davos, Switzerland, where Dr. Vint Cerf (Google) noted that botnets are the biggest threat to Internet stability and security 

Tumbling down the rabbit hole: exploring the idiosyncrasies of botmaster systems in a multi-tier botnet infrastructure

ABSTRACT In this study, we advance the understanding of botmaster-owned systems in an advanced botnet, Waledac, through the analysis of file-system and network trace data from the upper-tiers in its architecture. The functionality and existence of these systems has to- 

Storm worm & botnet analysis

This month, we caught a new Worm/Trojan sample in our labs. This worm uses email and various phishing Web sites to spread and infect computers. When the worm breaks into the system, it installs a kernel driver to protect itself. With the help of the driver, it then injects 

Agent-based Modeling and Simulation of Botnets and Botnet Defense

ABSTRACT Nowadays we are witnesses of the rapid spread of botnets across the Internet and using them for different cyber attacks against our systems. Botnets join a huge number of compromised computers in the Internet and allow using these computers for performing 

Defaming botnet toolkits: A bottom-up approach to mitigating the threat

ABSTRACT Botnets have become one of the most prevailing threats to today’s Internet partly due to the underlying economic incentives of operating one. Botnet toolkits sold by their authors allow any layman to generate his/her own customized botnet and become a 

A probabilistic population study of the Conficker-C botnet

ABSTRACT We estimate the number of active machines per hour infected with the Conficker-C worm, using a probability model of Conficker-C’s UDP P2P scanning behavior. For an observer with access to a proportion d of monitored IPv4 space, we derive the distribution 

