BotTalker: Generating encrypted, customizable C&C traces

Authors: Han Zhang, Christos Papadopoulos

DOI: 10.1109/THS.2015.7225305

Abstract: Encrypted botnets have seen increasing use in recent years. To enable research on detecting encrypted botnets, researchers need samples of encrypted botnet traces with ground truth, which are very hard to get. The traces that are available are not customizable, which prevents testing under various controlled scenarios. To address this problem we introduce BotTalker, a tool that can be used to generate customized encrypted botnet communication traffic. BotTalker emulates the actions a bot would take to encrypt its communication. It includes a highly configurable encrypted-traffic converter along with real, non-encrypted botnet traces and background traffic. The converter is able to convert non-encrypted botnet traces into encrypted ones by providing customization along three dimensions: (a) selection of a real encryption algorithm, (b) flow- or packet-level conversion, including SSL emulation, and (c) IP substitution. To the best of our knowledge, this is the first work that provides users with customizable encrypted botnet traffic. In the paper we also apply BotTalker to evaluate the damage that results from encrypted botnet traffic on a widely used botnet detection system - BotHunter - and two IDS, Snort and Suricata. The results show that encrypted botnet traffic foils these systems.
