Principal Component Analysis of Botnet Takeover

A botnet is a network of compromised computers, infected with malware, that is controlled remotely over public communication channels. Many attempts at botnet detection have been made, including heuristic analysis of network traffic. In this study we propose a new method for identifying independent botnets in the CCC Dataset 2009, a log of malware download servers observed by distributed honeypots, by applying Principal Component Analysis (PCA). Our main result is that four independent botnets can be distinguished when the year of observation is divided into five phases.
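The following is an added worked example, not code from the paper, of the kind of analysis the abstract describes: a honeypot download log is aggregated into a day-by-server matrix of download counts, PCA (via SVD of the centered matrix) finds how many independent activity patterns the matrix contains, and servers whose loading vectors point the same way are grouped as one botnet. The input matrix, the 20-day observation window, the three campaigns and the server addresses (RFC 5737 documentation ranges) are all constructed for the example; the 95% cumulative-variance rule for choosing the number of components and the cosine threshold for grouping are assumptions, not values taken from the paper.

```python
"""PCA grouping of malware download servers into independent botnets.

Illustrative example (not the paper's code). Input: a day x server matrix
of download counts, as a honeypot download log yields after aggregation.
All data below are constructed; the addresses are RFC 5737 documentation
ranges, not real download servers.
"""
import numpy as np

N_DAYS = 20
# Constructed campaigns: each is active on a disjoint set of days.
ACTIVE_DAYS = {"A": range(0, 4), "B": range(8, 12), "C": range(16, 18)}
# Constructed servers: address -> (campaign, downloads per active day).
SERVERS = {
    "203.0.113.10": ("A", 3),
    "203.0.113.11": ("A", 4),
    "203.0.113.12": ("A", 2),
    "198.51.100.20": ("B", 5),
    "198.51.100.21": ("B", 4),
    "192.0.2.30": ("C", 6),
    "192.0.2.31": ("C", 5),
}


def build_matrix(servers=SERVERS, active=ACTIVE_DAYS, n_days=N_DAYS):
    """Return (names, X) with X[day, j] = downloads seen from server j on day."""
    names = list(servers)
    X = np.zeros((n_days, len(names)))
    for j, name in enumerate(names):
        campaign, rate = servers[name]
        for day in active[campaign]:
            X[day, j] = rate
    return names, X


def pca(X):
    """Centered PCA via SVD. Returns (explained_variance_ratio, loadings).

    loadings[j] holds the coordinates of server j's centered activity in the
    principal-component basis, so servers with parallel loading vectors follow
    the same activity pattern over time.
    """
    Xc = X - X.mean(axis=0)
    _, s, vt = np.linalg.svd(Xc, full_matrices=False)
    var = s ** 2
    return var / var.sum(), vt.T * s


def choose_k(ratio, target=0.95):
    """Smallest number of components whose cumulative variance >= target."""
    return int(np.searchsorted(np.cumsum(ratio), target) + 1)


def group_servers(names, loadings, k, min_cos=0.9):
    """Single-linkage grouping of servers by cosine similarity of loadings
    restricted to the first k components. Returns sorted tuples of names."""
    L = loadings[:, :k]
    norms = np.linalg.norm(L, axis=1)
    unit = L / np.where(norms == 0, 1.0, norms)[:, None]  # guard idle servers
    cos = unit @ unit.T
    parent = list(range(len(names)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(names)):
        for j in range(i + 1, len(names)):
            if cos[i, j] >= min_cos:
                parent[find(i)] = find(j)
    groups = {}
    for i, name in enumerate(names):
        groups.setdefault(find(i), []).append(name)
    return sorted(tuple(sorted(g)) for g in groups.values())


def identify_botnets(X=None, names=None):
    """Return (number_of_components, botnet_groups) for a day x server matrix."""
    if X is None:
        names, X = build_matrix()
    ratio, loadings = pca(X)
    k = choose_k(ratio)
    return k, group_servers(names, loadings, k)


if __name__ == "__main__":
    k, groups = identify_botnets()
    print(f"{k} independent activity patterns")
    for g in groups:
        print("botnet:", ", ".join(g))
```

The number of retained components is the count of independent activity patterns; with noisy real logs the cosine threshold absorbs day-to-day variation within a campaign, and servers that never download anything keep a zero loading vector and fall into a group of their own rather than dividing by zero.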
