Freenet: a distributed anonymous information storage and retrieval system
International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
Chord: A scalable peer-to-peer lookup service for internet applications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Bot Software Spreads, Causes New Worries
IEEE Distributed Systems Online
A self-learning worm using importance scanning
Proceedings of the 2005 ACM workshop on Rapid malcode
Privacy-preserving payload-based correlation for accurate malicious traffic detection
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Proceedings of the 4th ACM workshop on Recurring malcode
Puppetnets: misusing web browsers as a distributed attack infrastructure
Proceedings of the 13th ACM conference on Computer and communications security
An algorithm for anomaly-based botnet detection
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Revealing botnet membership using DNSBL counter-intelligence
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Fishing for phishes: applying capture-recapture methods to estimate phishing populations
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Peer-to-peer botnets: overview and case study
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
An advanced hybrid peer-to-peer botnet
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
A distributed content independent method for spam detection
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Wide-scale botnet detection and characterization
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
AS-based accountability as a cost-effective DDoS defense
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Talc: using desktop graffiti to fight software vulnerability
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Spamscatter: characterizing internet scam hosting infrastructure
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Characterizing botnets from email spam records
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Location-based trust for mobile user-generated content: applications, challenges and implementations
Proceedings of the 9th workshop on Mobile computing systems and applications
Characterizing Bots' Remote Control Behavior
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Agent Methods for Network Intrusion Detection and Response
HoloMAS '07 Proceedings of the 3rd international conference on Industrial Applications of Holonic and Multi-Agent Systems: Holonic and Multi-Agent Systems for Manufacturing
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Traffic Aggregation for Malware Detection
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A First Step towards Live Botmaster Traceback
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
SLEUTH: Single-pubLisher attack dEtection Using correlaTion Hunting
Proceedings of the VLDB Endowment
Correlation-based load balancing for network intrusion detection and prevention systems
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
ACM Transactions on Information and System Security (TISSEC)
SS'08 Proceedings of the 17th conference on Security symposium
SS'08 Proceedings of the 17th conference on Security symposium
Bayesian bot detection based on DNS traffic similarity
Proceedings of the 2009 ACM symposium on Applied Computing
Towards complete node enumeration in a peer-to-peer botnet
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Hardening Botnet by a Rational Botmaster
Information Security and Cryptology
Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
BotGAD: detecting botnets by capturing group activities in network traffic
Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE
On cellular botnets: measuring the impact of malicious devices on a cellular network core
Proceedings of the 16th ACM conference on Computer and communications security
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
P2P botnet detection using behavior clustering & statistical tests
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Botnet-inspired architecture for interactive spaces
Proceedings of the 8th International Conference on Mobile and Ubiquitous Multimedia
Exploiting Temporal Persistence to Detect Covert Botnet Channels
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Detection of illicit traffic based on multiscale analysis
SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
Botnet: classification, attacks, detection, tracing, and preventive measures
ICICIC '09 Proceedings of the 2009 Fourth International Conference on Innovative Computing, Information and Control
ACM Transactions on Computer Systems (TOCS)
Honeypot detection in advanced botnet attacks
International Journal of Information and Computer Security
New detection of peer-to-peer controlled bots on the host
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Differential privacy for collaborative security
Proceedings of the Third European Workshop on System Security
Peeking through the cloud: DNS-based estimation and its applications
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
A model for covert botnet communication in a private subnet
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Automatically generating models for botnet detection
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Efficient detection of bots in subscribers computers
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Predictive blacklisting as an implicit recommendation system
INFOCOM'10 Proceedings of the 29th conference on Information communications
Outsourcing home network security
Proceedings of the 2010 ACM SIGCOMM workshop on Home networks
Peeking Through the Cloud: Client Density Estimation via DNS Cache Probing
ACM Transactions on Internet Technology (TOIT)
Extending black domain name list by using co-occurrence relation between DNS queries
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Internet background radiation revisited
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Evaluating Bluetooth as a medium for botnet command and control
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Take a deep breath: a stealthy, resilient and cost-effective botnet using skype
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Social network-based botnet command-and-control: emerging threats and countermeasures
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet
Proceedings of the 26th Annual Computer Security Applications Conference
BotGrep: finding P2P bots with structured graph analysis
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Honeypot trace forensics: The observation viewpoint matters
Future Generation Computer Systems
Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
Hidden bot detection by tracing non-human generated traffic at the Zombie host
ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
Detecting bots via incremental LS-SVM learning with dynamic feature adaptation
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
MISHIMA: multilateration of internet hosts hidden using malicious fast-flux agents
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
JACKSTRAWS: picking command and control connections from bot traffic
SEC'11 Proceedings of the 20th USENIX conference on Security
Hunting distributed malware with the κ-calculus
FCT'11 Proceedings of the 18th international conference on Fundamentals of computation theory
Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems
ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
Internet bad neighborhoods: the spam case
Proceedings of the 7th International Conference on Network and Services Management
Towards detection of botnet communication through social media by monitoring user activity
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Auto-learning of SMTP TCP transport-layer features for spam and abusive message detection
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Tracking DDoS attacks: insights into the business of disrupting the web
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Revisiting botnet models and their implications for takedown strategies
POST'12 Proceedings of the First international conference on Principles of Security and Trust
An 802.11 MAC layer covert channel
Wireless Communications & Mobile Computing
PAISI'12 Proceedings of the 2012 Pacific Asia conference on Intelligence and Security Informatics
Security and Communication Networks
Analysis of a "/0" stealth scan from a botnet
Proceedings of the 2012 ACM conference on Internet measurement conference
BotFinder: finding bots in network traffic without deep packet inspection
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Bot detection evasion: a case study on local-host alert correlation bot detection methods
Security and Communication Networks
Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis
Proceedings of the 28th Annual Computer Security Applications Conference
FireCol: a collaborative protection network for the detection of flooding DDoS attacks
IEEE/ACM Transactions on Networking (TON)
Fragmentation Considered Vulnerable
ACM Transactions on Information and System Security (TISSEC)
Computer Networks: The International Journal of Computer and Telecommunications Networking
Peri-Watchdog: Hunting for hidden botnets in the periphery of online social networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Genetic-based real-time fast-flux service networks detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks
Proceedings of the 29th Annual Computer Security Applications Conference
Leveraging honest users: stealth command-and-control of botnets
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
Hi-index | 0.00 |
Global Internet threats are undergoing a profound transformation from attacks designed solely to disable infrastructure to those that also target people and organizations. Behind these new attacks is a large pool of compromised hosts sitting in homes, schools, businesses, and governments around the world. These systems are infected with a bot that communicates with a bot controller and other bots to form what is commonly referred to as a zombie army or botnet. Botnets are a very real and quickly evolving problem that is still not well understood or studied. In this paper we outline the origins and structure of bots and botnets and use data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today. We then study the effectiveness of detecting botnets by directly monitoring IRC communication or other command and control activity and show a more comprehensive approach is required. We conclude by describing a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.