The Zombie roundup: understanding, detecting, and disrupting botnets

Authors: Farnam Jahanian, Danny McPherson, Evan Cooke

Abstract: Global Internet threats are undergoing a profound transformation from attacks designed solely to disable infrastructure to those that also target people and organizations. Behind these new attacks is a large pool of compromised hosts sitting in homes, schools, businesses, and governments around the world. These systems are infected with a bot that communicates with a bot controller and other bots to form what is commonly referred to as a zombie army or botnet. Botnets are a very real and quickly evolving problem that is still not well understood or studied. In this paper we outline the origins and structure of bots and botnets and use data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today. We then study the effectiveness of detecting botnets by directly monitoring IRC communication or other command and control activity and show a more comprehensive approach is required. We conclude by describing a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.
