Botnets have continuously evolved since their inception as a malicious entity. Attackers come up with new botnet designs that exploit the weaknesses in existing defense mechanisms and continue to evade detection. It is therefore necessary to analyze existing defense mechanisms to find the gaps in them. This research exposes a weakness in an existing bot detection method (BDM) by implementing a specialized P2P botnet model and carrying out experiments on it. Weaknesses that are found and validated can be used to predict the development path of botnets, so that detection and mitigation measures can be implemented proactively. The main contribution of this work is to demonstrate the exploitation pattern of an inherent weakness in local-host alert correlation (LHAC) based methods and to assert that current LHAC implementations could allow pockets of cooperative bots to hide in an enterprise-size network. This work suggests that additional monitoring capabilities must be added to current LHAC-based methods in order for them to remain a viable bot detection mechanism. Copyright © 2012 John Wiley & Sons, Ltd.