论文信息 - Botnet master detection using a mashup-based approach

Botnet master detection using a mashup-based approach

Botnets are considered by specialists, in both industry and academy, as one of the greatest threats to security on the Internet. These networks are composed by a large number of malware-infected hosts acting under a central command. They are usually employed to perform DDoS attacks or phishing scams. The behaviour of these botnets evolves due the adoption of new and sophisticated infection methods, changing of network protocols, and the employment of different command and control mechanisms. The security community, thus, is always dealing with such constant change. However, most botnet mitigation methods address just specific infection types or C&C protocols. We, therefore, propose a botnet mitigation approach based on the dynamic integration of pre-existing tools that can be employed together to achieve a more efficiently detection solution. To such end, we base our approach on a novel Web 2.0 technology called mashups to perform the information correlation. The proposal is extensible enough to allow even non-security information such as online mapping APIs be integrated to create more sophisticated compositions, and displaying the results in a more meaningful way.

Lisandro Zambenedetti Granville | Liane Margarida Rockenbach Tarouco | Carlos Raniery Paula dos Santos | Rafael Santos Bezerra | João Marcelo Ceron

[1] John C. Mitchell,et al. Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods , 2008, WOOT.

[2] Brent Byunghoon Kang,et al. Peer-to-Peer Botnets: Overview and Case Study , 2007, HotBots.

[3] Guofei Gu,et al. A Taxonomy of Botnet Structures , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[4] Guofei Gu,et al. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic , 2008, NDSS.

[5] Felix C. Freiling,et al. Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm , 2008, LEET.

[6] Guofei Gu,et al. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection , 2008, USENIX Security Symposium.

[7] Thorsten Holz,et al. Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation , 2007, HotBots.

[8] Neil Daswani,et al. The Anatomy of Clickbot.A , 2007, HotBots.

[9] Felix C. Freiling,et al. Toward Automated Dynamic Malware Analysis Using CWSandbox , 2007, IEEE Secur. Priv..

[10] Lisandro Zambenedetti Granville,et al. On the feasibility of Web 2.0 technologies for network management: A mashup-based approach , 2010, 2010 IEEE Network Operations and Management Symposium - NOMS 2010.