Botnet Detection and Analysis Using Honeynet
Authors
Abstract
We discuss some techniques currently used by intruders to control groups of compromised machines (botnets). We show how honeynets can be used to identify, monitor and understand the behavior of botnets. We describe a real attack in detail, illustrating analysis techniques developed specifically for botnets. The tools, network topology and strategies we describe can easily be adopted by other researchers and the network security community.
Similar resources
Dynamic Deploying Distributed Low-interaction Honeynet
A distributed virtual honeynet is an important security detection system for worms, botnets, spam and distributed denial-of-service. The value of a honeynet relies significantly on its disguise capacity. The traditional deployment method is a static scheme in which the configuration of the honeynet is determined by security experts beforehand and cannot be changed after deployment. The hackers or Bo...
Collecting and Analyzing Bots in a Systematic Honeynet-based Testbed Environment
Networks of compromised machines called botnets are one of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective in dealing with new unknown bots. By slightly modifying the code of an existing bot, bot commanders can bypass mos...
Botnet Command Detection using Virtual Honeynet
Internet attacks are growing with time. Threats are increasing, from those that disable infrastructure to those that also target people and organizations, and a new class of attacks directly targets large businesses and governments around the world. At the centre of many of these attacks is a large pool of compromised computers, called zombies, commonly controlle...
Botnet Detection Through Fine Flow Classification
The prevalence of botnets, which are defined as groups of infected machines, has become the predominant factor among all malicious Internet attacks such as DDoS, spam, and click fraud. The number of botnets is steadily increasing, and the characteristic C&C channels have evolved from IRC to HTTP, FTP, and DNS, etc., and from the centralized structure to P2P and Fast Flux Network Services. ...
BotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
Journal title:
Volume, issue
Pages -
Publication date 2008