BotTrack: tracking botnets using NetFlow and PageRank
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
As the largest botnet on the Internet, the Storm Worm peer-to-peer botnet partly parasitizes current Overnet peer-to-peer networks, so distinguishing Storm bots from regular peers is important. In this paper we propose a novel method for identifying Storm bots using an active crawler that can collect location information from all participants. Because of flaws in the algorithm that generates the global identifier of Storm bots, the location information of each Storm bot partly contributes to the aliasing phenomena. After analyzing the properties of the aliasing phenomena, we derive a measurement criterion for identifying Storm bots. The results show that the size of the Storm Worm botnet is estimated at over 400,000 during the first two weeks of February 2008, with the count of online bots between 16,500 and 23,000.