botnetsurvey资源-CSDN文库

需积分: 6 88 浏览量 2008-08-28 13:57:38 上传评论收藏 225KB PDF 举报

资源详情

资源评论

资源推荐

A Survey of Botnets

YongQing Ni, DaeHun Nyang

Information Security Research Laboratory

Graduate School of IT & Telecommunication - InHa University

253 YongHyun-dong, Nam-gu, Incheon 402-751, Korea

niyongqing@gmail.com, nyang@inha.ac.kr

http://seclab.inha.ac.kr

Abstract. In the recent years, botnets have become a big issue on the

internet threaten. As the ﬁrst botnet which was based on IRC came out,

various and more resilient botnets with new technique are springing up

nowadays. To be well prepared for the future attacks from the Botnets, a

widely and deep-going survey is now at the top of agenda. In this paper,

we present a detailed study of botnets based on diﬀerent channels, and we

also propose an accurate category of the botnets. Furthermore, to better

understand the detection mechanisms to botnets, we make an in-depth

comparison based on variety of approaches.

Keywords: Botnet, Category, Channel, Peer-to-Peer.

1 Introduction

The botnet is a group of compromised computers working together under the

control of a remote attacker(“botmaster”)[3,4,1], usually for illegal purposes. It

is also a creative attack strategy evolved from traditional malware attacking

forms. In the past several years, malware attacks to the internet are becoming

more and more prevalent all over the world, and the botnet turns into the main

cause of these malicious attacks, such as email spam, Dos/DDos, phishing etc.

The common control structure for botmaster is IRC-based. The botmaster

posts the bot commands[5] using IRC channel. And all the botcommands will

be transmitted to the infected machines(“bots”) from the IRC server which is

controlled by the botmaster. With this control structure, the botmaster can eas-

ily infect other machines and control the bots which are involved in the speciﬁc

server. Thus, such botnet is easy to create, easy to manage and they respond

to commands fast. However, it is also easy to detect. Currently, many detect

approaches to the IRC-based botnet have been proposed. Such as Honeypot[6],

which can be used to track and monitor all the commands issued by attack-

ers, is still being updated and developed by many participators from the world.

GuoFei and his partners proposed a novel monitoring strategy on botnet, named

BotHunter[7] which focuses on recognizing the infection and coordination dia-

log that occurs during a successful mailware infection. Yousof Al-Hammadi and

Uwe Aickelin, they presented to detect the botnet through log correlation[8]. By

monitoring the change of behavior in log ﬁles from diﬀerent hosts, the communi-

cations will be monitored and they can distinguish the normal conversation and

behaviors or abnormal ones.

Diﬀerent from the common control structure mentioned above, Peer-to-Peer[9]

communication structure generated a new generation of botnet which we usu-

ally abbreviate it to P2P-based botnet. The signiﬁcant feature on P2P-based

botnet is that there’s no any central server for distributing commands, each of

bots plays the role as both client and server. Compared to IRC-based botnet,

the P2P-based one is more diﬃcult to be tracked directly and much more resi-

lent. With the prevalence of P2P-based botnet, the threaten to internet security

becomes more serious every day which also leads to a detection storm in the

research community. Julian B. Grizzard et al.[9] provide an overview of P2P-

based botnet and present a speciﬁc case study on Trojan.Peacomm bot. Christ

Nunnery and Brent ByungHoon Kang argue locating zombie nodes and botmas-

ters as ﬁrst step to detect P2P-based botnet. T. Holz et al.[11] propose their

strategy of measurements and mitigation on P2P-based botnet, and they apply

the approach to Storm Worm which is the most wide-spread P2P-based botnet

in the wild. With the new methodology applied in P2P-based botnet detection,

newly build-up P2P-based botnets are also gradually produeced. A advanced

hybrid[13] P2P botnet is proposed by Ping Wang et al. They argue new and

various of P2P-based botnets will be developed in the near future, so they as-

sume and present an advanced hybrid P2P-based botnet with robust network

connectivity and individualized encryption which is harder to be detected.

In the remaider of this paper, we will present more details in taxonomy of

botnets and the detection mechanisms. Section 2 shows a category of botnets in

wild based on our current research. According to the classiﬁcation in Section 2,

we describes the main detection mechanisms to botnets in Section 3. In Section

4, we present the trend of botnets and future work. Finally, we make a conclusion

in Section 5.

2 A Category of botnets

With the ﬁrst bot appeared in wild, a variety of botnets are released. Currently,

the botnets have been the biggest threaten to the internet security which aroused

a wide public concern in the security community. Lots of researchers and anti-

virus/malware companies start to study the mechanism of botnets and mitigate

the threaten from the botnets. But till now, there’s no any systematic and detail

investigation and analisis about the structures current wide-spread botnets based

on. So, we propose a category of botnets, and argue that study on botnets

structure is much important than just focus on single or special one.

2.1 IRC-based Botnet

As is well known, Internet Relay Chat(IRC) is a form of real-time communica-

tion system over the internet. But the attackers utilize it to form a botnet for

剩余12页未读，继续阅读

评论收藏

内容反馈

FLYFIGHT

粉丝: 0
资源: 3

botnet survey

评论0

最新资源

botnet survey

评论0

the survey

survey

DripSource_botnet_

Mirai_ResearchAnalytics_botnet_

BoTNet人脸识别.rar

A Survey of Botnet Technology and Defenses

diaocha_survey_

As the Net Churns: Fast-Flux Botnet Observations

Zmap qbot scanner_botnet_

Storm Worm & Botnet Analysis

论文研究-蜜罐先知型半分布式P2P Botnet的构建及检测方法.pdf

系统内核级botnet分析防范

survey-tiger

project-survey

stackoverflow_survey

flutter-survey

termux-botnet

Amari_Mirai_V2_botnet_

2019_Botnet_Trend_Report.pdf

My Botnet is Bigger than Yours (Maybe, Better than Yours) :why size estimates remain challenging

A Proposed Framework for P2P Botnet Detection

P2P as botnet command and control- A deeper insight

最新资源