A multifaceted approach to understanding the botnet phenomenon

Authors: Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis

DOI: 10.1145/1177080.1177086

Abstract: The academic community has long acknowledged the existence of malicious botnets; however, to date, very little is known about the behavior of these distributed computing platforms. To the best of our knowledge, botnet behavior has never been methodically studied, botnet prevalence on the Internet is mostly a mystery, and the botnet life cycle has yet to be modeled. Uncertainty abounds. In this paper, we attempt to clear the fog surrounding botnets by constructing a multifaceted measurement infrastructure. Throughout a period of more than three months, we used this infrastructure to track 192 unique IRC botnets of size ranging from a few hundred to several thousand infected end-hosts. Our results show that botnets represent a major contributor to unwanted traffic: 27% of all connection attempts observed on our darknet can be directly attributed to botnet-related spreading activity. Furthermore, we discovered evidence of botnet infections in 11% of the 800,000 DNS domains we examined, indicating a high diversity among botnet victims. Taken as a whole, these results not only highlight the prominence of botnets, but also provide deep insights that may facilitate further research to curtail this phenomenon.
