Botnets have gained the most prevalence in today's cyber-attacks, posing significant threats to our network assets and organizations' property. A botnet is composed of a group of bots controlled by a botmaster, and serves as a powerful tool for carrying out various attacks, e.g., launching massive attacks such as spamming and DDoS, or stealing sensitive information. While many anti-bot techniques have been proposed, the evolution trend of botnets shows that sophisticated botmasters can always manage to evade botnet countermeasures. From the standpoint of potential attackers, and by examining the vulnerabilities of existing botnets, this paper explores means of hardening botnets, especially the obfuscation of communication channels between bot and botmaster. In particular, a stronger botnet variant named bot-enclave is proposed to illustrate how the robustness of C&C (command-and-control) servers can be enhanced, and how botnet communications can be protected from being tracked and intercepted. More practically, by identifying the trade-off between botnet utility metrics, we show that the sophistication level of bot-enclave can be tuned up by a rational botmaster in order to construct more economical, feasible and effective botnet variants. The findings may significantly help us to gain insight into the characteristics of next-generation botnets, to be aware of the evolution trend before their actual occurrence, and ultimately to suggest the development of proactive anti-botnet techniques.