Botnets are large networks of infected computers controlled by an attacker. Much effort has already been invested in detection and analysis mechanisms capable of defusing this type of threat. However, botnets have been constantly evolving and will certainly continue to do so. We must therefore make an effort to foresee and study possible future designs if we are to develop adequate defense mechanisms in time. Many of the most recent methods for detecting and analyzing botnets rely on vulnerabilities in their command-and-control (C2) infrastructure. We thus believe that attackers will follow a predictable evolutionary pattern and start using designs with more robust and stealthy C2 channels, minimizing the risk of shutdown or infiltration. In this paper, we therefore analyze in detail a new kind of botnet C2 infrastructure in which bots do not possess any information concerning command-and-control mechanisms. These stealthy, isolated bots are controlled through honest participants that do not belong to the botnet. This architecture eliminates the possibility of estimating the botnet size, minimizes the probability of detecting individual bots, and eliminates the possibility of researcher infiltration.