A model for covert botnet communication in a private subnet

Authors:
Brandon Shirley;Chad D. Mano
Affiliations:
Department of Computer Science, Utah State University, Logan, UT;Department of Computer Science, Utah State University, Logan, UT
Venue:
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Year:
2008

Citing 9
Cited 2

Comparing Hybrid Peer-to-Peer Systems

Proceedings of the 27th International Conference on Very Large Data Bases
Responder Anonymity and Anonymous Peer-to-Peer File Sharing

ICNP '01 Proceedings of the Ninth International Conference on Network Protocols
Botnets: Big and Bigger

IEEE Security and Privacy
Malicious Bots Threaten Network Security

Computer
Honeypot-Aware Advanced Botnet Construction and Maintenance

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
The Zombie roundup: understanding, detecting, and disrupting botnets

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
An algorithm for anomaly-based botnet detection

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Peer-to-peer botnets: overview and case study

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
BotHunter: detecting malware infection through IDS-driven dialog correlation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium

Evidential structures and metrics for network forensics

International Journal of Internet Technology and Secured Transactions
Bot detection evasion: a case study on local-host alert correlation bot detection methods

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, botnets utilizing peer-to-peer style communication infrastructures have been discovered, requiring new approaches to detection and monitoring techniques. Current detection methods analyze network communication patterns, identifying systems that may have been recruited into the botnet. This paper presents a localized botnet communication model that enables a portion of compromised systems to hide from such detection techniques without a potentially significant increase in network monitoring points. By organizing bot systems at the the subnet level the amount of communication with the outside network is greatly reduced, requiring switch-level monitoring to identify infected systems.