Studying spamming botnets using Botlab

Authors: Alexander Moshchuk, Steven D. Gribble, Arvind Krishnamurthy, John P. John

Abstract: In this paper we present Botlab, a platform that continually monitors and analyzes the behavior of spam-oriented botnets. Botlab gathers multiple real-time streams of information about botnets taken from distinct perspectives. By combining and analyzing these streams, Botlab can produce accurate, timely, and comprehensive data about spam botnet behavior. Our prototype system integrates information about spam arriving at the University of Washington, outgoing spam generated by captive botnet nodes, and information gleaned from DNS about URLs found within these spam messages. We describe the design and implementation of Botlab, including the challenges we had to overcome, such as preventing captive nodes from causing harm or thwarting virtual machine detection. Next, we present the results of a detailed measurement study of the behavior of the most active spam botnets. We find that six botnets are responsible for 79% of spam messages arriving at the UW campus. Finally, we present defensive tools that take advantage of the Botlab platform to improve spam filtering and protect users from harmful web sites advertised within botnet-generated spam.
