URL shortening services (USSes), which provide short aliases to registered long URLs, have become popular owing to Twitter. Despite their popularity, researchers have not carefully considered their security problems. In this paper, we explore botnet models based on USSes to prepare for new security threats before they evolve. Specifically, we consider using USSes for alias flux to hide botnet command and control (C&C) channels. In alias flux, a botmaster obfuscates the IP addresses of his C&C servers, encodes them as URLs, and then registers them with USSes under custom aliases generated by an alias generation algorithm. Later, each bot obtains the encoded IP addresses by querying the USSes with aliases generated by the same algorithm. For USSes that do not support custom aliases, the botmaster can use shared alias lists instead of the shared algorithm. DNS-based botnet detection schemes cannot detect an alias flux botnet, and network-level detection and blacklisting of the fluxed aliases are difficult. We also discuss possible countermeasures to cope with these new threats and investigate USSes currently in operation.