Progress in Command and Control Server Finding Schemes of Botnet

Botnets have become one of the most serious threats to the security of the current Internet and of future networks. Bots can join a botnet and work for it only after finding and connecting to its command and control (C&C) servers, so how bots find C&C servers is critical to botnet management and operation. In this paper, we give a preliminary summary of the currently typical C&C server finding schemes and, from a new perspective, classify them into three types: dedicated IP address, Internet infrastructure, and third-party application/service. We compare these three types on four aspects. The comparison shows that the third type performs better than the other two on complexity, flexibility, traffic covertness, and scale.
