论文信息 - Wide-Scale Botnet Detection and Characterization

Wide-Scale Botnet Detection and Characterization

Malicious botnets are networks of compromised computers that are controlled remotely to perform large-scale distributed denial-of-service (DDoS) attacks, send spam, trojan and phishing emails, distribute pirated media or conduct other usually illegitimate activities. This paper describes a methodology to detect, track and characterize botnets on a large Tier-1 ISP network. The approach presented here differs from previous attempts to detect botnets by employing scalable non-intrusive algorithms that analyze vast amounts of summary traffic data collected on selected network links. Our botnet analysis is performed mostly on transport layer data and thus does not depend on particular application layer information. Our algorithms produce alerts with information about controllers. Alerts are followed up with analysis of application layer data, that indicates less than 2% false positive rates.

[1] George M. Weaver,et al. Trends in Denial of Service Attack Technology CERT ® Coordination Center , 2001 .

[2] Jarkko Oikarinen,et al. Internet Relay Chat Protocol , 1993, RFC.

[3] Nicolas Ianelli,et al. Botnets as a Vehicle for Online Crime , 2007 .

[4] David J. C. MacKay,et al. Information Theory, Inference, and Learning Algorithms , 2004, IEEE Transactions on Information Theory.

[5] Aaron Hackworth,et al. Botnets as a Vehicle for Online Crimes , 2006 .

[6] Kevin J. Houle,et al. Trends in Denial of Service Attack Technology , 2001 .

[7] Paul V. Mockapetris,et al. Domain names - implementation and specification , 1987, RFC.

[8] St' Ephane Racine,et al. Analysis of Internet Relay Chat Usage by DDoS Zombies , 2004 .

[9] Jon Postel,et al. Assigned Numbers , 1979, RFC.

[10] Andreas Terzis,et al. A multifaceted approach to understanding the botnet phenomenon , 2006, IMC '06.

[11] Carol Simpson,et al. Internet Relay Chat. , 2000 .

[12] Nick Feamster,et al. Revealing Botnet Membership Using DNSBL Counter-Intelligence , 2006, SRUTI.

[13] Farnam Jahanian,et al. The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets , 2005, SRUTI.