Toward botnet mesocosms

Authors: Paul Barford, Mike Blodgett

Abstract: An in-depth understanding of botnet behavior is a precursor to building effective defenses against this serious and growing threat. In this paper we describe our initial steps toward building a flexible and scalable laboratory testbed for experiments with bots and botnets. Our Botnet Evaluation Environment (BEE) is designed to enable individual bots or networks of up to thousands of bots to be tested in a secure, self-contained framework. BEE is being developed as a toolkit for Emulab-enabled network testbeds; a design choice made to obviate the need for user/experiment management functions and for access to collections of computing hosts. The focus of our implementation efforts has been on building a library of OS/Bot images that can run on systems or in virtual machines. BEE currently includes images generated from the source code of four well known bots (Agobot, GTbot, Spybot, SDbot) and binary images from several unknown bots, and a number of Windows OS variants. BEE also includes a set of services that are required for botnets including DHCP, DynDNS, IRC, and other tools useful for measurement and evaluation such as VM monitors and honeypots. To demonstrate the utility of BEE, we describe a simple set of tests that characterizes command and control traffic for three different botnet configurations.
