Honeynet-based Botnet Scan Traffic Analysis

Authors

  • Zhichun Li
  • Anup Goyal
  • Yan Chen
Abstract

With the increasing importance of the Internet in everyone’s daily life, Internet security poses a serious problem. Nowadays, botnets are the major tool to launch Internet-scale attacks. A “botnet” is a network of compromised machines that is remotely controlled by an attacker. In contrast to earlier hacking activities (mainly used to show off the attackers’ technical skills), botnets are better organized and mainly used for profit-centered endeavors. For example, the attacker can make a profit through email spam [1], click fraud [2], harvesting of game accounts and credit card numbers, and extortion through DoS attacks. Although thorough understanding and prevention of botnets are very important, the research community currently gains only limited insight into botnets. Several approaches can help to understand the botnet phenomenon:

Similar resources

Collecting and Analyzing Bots in a Systematic Honeynet-based Testbed Environment

Networks of compromised machines called botnets are one of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective in dealing with new unknown bots. By slightly modifying the code of an existing bot, bot commanders can bypass mos...

Botnet Detection Through Fine Flow Classification

The prevalence of botnets, which are defined as groups of infected machines, has become the predominant factor among all malicious Internet attacks such as DDoS, spam, and click fraud. The number of botnets is steadily increasing, and the characteristic C&C channels have evolved from IRC to HTTP, FTP, and DNS, etc., and from the centralized structure to P2P and Fast Flux Network Services. ...

Dynamic Deploying Distributed Low-interaction Honeynet

A distributed virtual honeynet is an important security detection system for worms, botnet detection, spam and distributed denial-of-service. The honeynet's value relies significantly on its disguise capacity. The traditional deployment method is a static scheme in which the configuration of the honeynet is determined by security experts beforehand and cannot be changed after deployment. The hackers or Bo...

Towards Automating Analysis of Large-Scale Honeynet Events

Inspired by the work of Yegneswaran and colleagues on “Internet situational awareness” [30], we investigate ways to analyze data captured by honeynets—unused address blocks on which we deploy honeypot responders in order to elicit information about incoming probes—to understand the significance of large-scale “events” seen by the honeynet. In such events, an entire collection of remote hosts to...

Honeypot detection in advanced botnet attacks

Botnets have become one of the major attacks in the current Internet due to their illicit profitable financial gain. Meanwhile, honeypots have been successfully deployed in many computer security defense systems. Since honeypots set up by security defenders can attract botnet compromises and become spies in exposing botnet membership and botnet attacker behaviors, they are widely used by security d...

Publication date: 2008