The dining cryptographers problem: unconditional sender and recipient untraceability
Journal of Cryptology
Intrusion detection using autonomous agents
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Chord: A scalable peer-to-peer lookup service for internet applications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
X-means: Extending K-means with Efficient Estimation of the Number of Clusters
ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
Kademlia: A Peer-to-Peer Information System Based on the XOR Metric
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Secure routing for structured peer-to-peer overlay networks
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
The Honeynet Project: Trapping the Hackers
IEEE Security and Privacy
The impact of DHT routing geometry on resilience and proximity
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Graph-theoretic analysis of structured peer-to-peer systems: routing distances and fault resilience
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
ACM SIGCOMM Computer Communication Review
On clusterings: Good, bad and spectral
Journal of the ACM (JACM)
The expansion and mixing time of skip graphs with applications
Proceedings of the seventeenth annual ACM symposium on Parallelism in algorithms and architectures
Rapidly Mixing Markov Chains with Applications in Computer Science and Physics
Computing in Science and Engineering
Anonymous routing in structured peer-to-peer overlays
Anonymous routing in structured peer-to-peer overlays
Design of a novel statistics counter architecture with optimal space and time efficiency
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Data reduction for the scalable automated analysis of distributed darknet traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
An algorithm for anomaly-based botnet detection
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Revealing botnet membership using DNSBL counter-intelligence
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Using uncleanliness to predict future botnet addresses
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
Peer-to-peer botnets: overview and case study
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Wide-scale botnet detection and characterization
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Rishi: identify bot contaminated hosts by IRC nickname evaluation
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Performance Analysis of Real Traffic Carried with Encrypted Cover Flows
Proceedings of the 22nd Workshop on Principles of Advanced and Distributed Simulation
Traffic Aggregation for Malware Detection
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Spamalytics: an empirical analysis of spam marketing conversion
Proceedings of the 15th ACM conference on Computer and communications security
SS'08 Proceedings of the 17th conference on Security symposium
Bayesian bot detection based on DNS traffic similarity
Proceedings of the 2009 ACM symposium on Applied Computing
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Automatic discovery of botnet communities on large-scale communication networks
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Studying spamming botnets using Botlab
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Not-a-Bot: improving service availability in the face of botnet attacks
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
BotGraph: large scale spamming botnet detection
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Exploiting dynamicity in graph-based traffic analysis: techniques and applications
Proceedings of the 5th international conference on Emerging networking experiments and technologies
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Hit-list worm detection and bot identification in large networks using protocol graphs
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Towards automated detection of peer-to-peer botnets: on the limits of local approaches
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
A foray into Conficker's logic and rendezvous points
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Cooperating security managers: a peer-based intrusion detection system
IEEE Network: The Magazine of Global Internetworking
Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts
Proceedings of the 26th Annual Computer Security Applications Conference
Measuring the effectiveness of infrastructure-level detection of large-scale botnets
Proceedings of the Nineteenth International Workshop on Quality of Service
BotTrack: tracking botnets using NetFlow and PageRank
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Detecting bots via incremental LS-SVM learning with dynamic feature adaptation
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Efficient techniques for privacy-preserving sharing of sensitive information
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Challenges in experimenting with botnet detection systems
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Towards the effective temporal association mining of spam blacklists
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Stegobot: a covert social network botnet
IH'11 Proceedings of the 13th international conference on Information hiding
Humans and bots in internet chat: measurement, analysis, and automated classification
IEEE/ACM Transactions on Networking (TON)
Reliable client accounting for P2P-infrastructure hybrids
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Experimenting with fast private set intersection
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Populated IP addresses: classification and applications
Proceedings of the 2012 ACM conference on Computer and communications security
PeerPress: utilizing enemies' P2P strength against them
Proceedings of the 2012 ACM conference on Computer and communications security
BotFinder: finding bots in network traffic without deep packet inspection
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Peri-Watchdog: Hunting for hidden botnets in the periphery of online social networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis
Computer Networks: The International Journal of Computer and Telecommunications Networking
Massive scale cyber traffic analysis: a driver for graph database research
First International Workshop on Graph Data Management Experiences and Systems
Detection of StegoBot: a covert social network botnet
Proceedings of the First International Conference on Security of Internet of Things
Survey and taxonomy of botnet research through life-cycle
ACM Computing Surveys (CSUR)
When private set intersection meets big data: an efficient and scalable protocol
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
More efficient oblivious transfer and extensions for faster secure computation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
PeerRush: mining for unwanted p2p traffic
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Hi-index | 0.00 |
A key feature that distinguishes modern botnets from earlier counterparts is their increasing use of structured overlay topologies. This lets them carry out sophisticated coordinated activities while being resilient to churn, but it can also be used as a point of detection. In this work, we devise techniques to localize botnet members based on the unique communication patterns arising from their overlay topologies used for command and control. Experimental results on synthetic topologies embedded within Internet traffic traces from an ISP's backbone network indicate that our techniques (i) can localize the majority of bots with low false positive rate, and (ii) are resilient to incomplete visibility arising from partial deployment of monitoring systems and measurement inaccuracies from dynamics of background traffic.