Botnet Command Detection using Virtual Honeynet
Abstract
Internet attacks are growing over time, with threats ranging from those that disable infrastructure to those that target people and organizations. A new class of large attacks directly targets large businesses and governments around the world. At the centre of many of these attacks is a large pool of compromised computers, called zombies, which attackers commonly control through some common channels. Attackers use these zombies as anonymous proxies to hide their real identities and amplify their attacks. A botnet is a network of compromised machines that can be remotely controlled by an attacker. In view of the impact of botnets, we propose an approach that uses Virtual Honeynet data collection mechanisms to detect IRC- and HTTP-based botnet command signatures. We have evaluated our approach using real-world network traces.
Similar resources
Dynamic Deploying Distributed Low-interaction Honeynet
The distributed virtual honeynet is an important security detection system for worms, botnet detection, spam and distributed denial-of-service. The value of a honeynet relies significantly on its disguise capacity. The traditional deployment method is a static scheme in which the configuration of the honeynet is determined by security experts beforehand and cannot be changed after deployment. The hackers or Bo...
BotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
A Survey on Botnet Architectures, Detection and Defences
Botnets are known to be one of the most serious Internet security threats. In this survey, we review botnet architectures and their controlling mechanisms. Botnet infection behavior is explained. Then, known botnet models are outlined to study botnet design. Furthermore, Fast-Flux Service Networks (FFSN) are discussed in great detail as they play an important role in facilitating botnet traffi...
Collecting and Analyzing Bots in a Systematic Honeynet-based Testbed Environment
Networks of compromised machines called botnets are one of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective in dealing with new unknown bots. By slightly modifying the code of an existing bot, bot commanders can bypass mos...
Botnet Detection and Analysis Using Honeynet
We discuss some techniques currently used by intruders to control groups of compromised machines (botnets). We show how honeynets can be used to identify, monitor and understand the behavior of botnets. We describe a real attack in detail, illustrating analysis techniques developed specifically for botnets. The tools, network topology and strategies we describe can easily be adopted by other re...
Publication date: 2011