RB-Seeker: Auto-detection of Redirection Botnets.

Authors: Matthew Knysz, Kang G. Shin, Xin Hu

DOI:

Keywords:

Abstract: A Redirection Botnet (RBnet) is a vast collection of compromised computers (called bots) used as redirection/proxy infrastructure and under the control of a botmaster. We present the design, implementation and evaluation of a system called RB-Seeker for the automatic detection of RBnets, which utilizes three cooperating subsystems. Two of the subsystems are used to generate a database of domains participating in redirection: one detects redirection bots by following links embedded in spam emails, the other by behavior observed in network traces at a large university edge router, using sequential hypothesis testing. The domains generated by these two subsystems are fed into the final subsystem, which then performs DNS query probing over time. Based on certain behavioral attributes extracted from the queries, this subsystem makes use of a 2-tier strategy of hyperplane decision functions. This allows it to quickly identify aggressive RBnets with a low false-positive rate (< 0.008%), while also accurately detecting stealthy RBnets (i.e., those mimicking valid behavior, such as CDNs) by monitoring their DNS behavior over time. Because it relies on the means by which RBnets operate (redirection), RB-Seeker is impervious to the botmaster's choice of Command-and-Control (C&C) channel, to how the botmaster communicates with and controls the bots, and to the use of encryption.
