Honeypot trace forensics: The observation viewpoint matters

Authors: Van-Hau Pham, Marc Dacier

DOI: 10.1016/J.FUTURE.2010.06.004

Keywords: Honeypot, TRACE (psycholinguistics), Computer security, Computer science, Botnet

Abstract: In this paper, we propose a method to identify and group together traces left on low-interaction honeypots by machines belonging to the same botnet(s), without having any a priori information at our disposal regarding these botnets. In other words, we offer a solution to detect new botnets thanks to very cheap and easily deployable sensors. The approach is validated on several months of data collected with the worldwide distributed Leurre.com system. To distinguish relevant traces from irrelevant ones, we group them according to either the platforms, i.e. the targets hit, or the countries of origin of the attackers. We show that the choice of one of these two observation viewpoints dramatically influences the results obtained. Each viewpoint reveals something unique, and we explain why. Last but not least, botnets remain active during long periods of time, up to 700 days, even if they are only visible from time to time.
