Botnets have become one of top threats to the Internet. Many detection methods have been developed to distinguish botnet behaviors from normal human behaviors. Future botnets, however, may incorporate the characteristics of human beings and weaken the existing detection techniques. In this work, we present a novel intelligent botnet, called the delay-tolerant botnet, that intentionally adds ran...

Online advertising is a complex on-line business, which has become the target of abuse. Recent charges filed from the United States Department of Justice against the operators of the DNSChanger botnet stated that the botnet operators stole approximately US$14 million [11,18] over two years. Using monetization tactics similar to DNSChanger, several large botnets (i.e., ZeroAccess and TDSS/TDL4) ...

Many Twitter users are bots. They can be used for spamming, opinion manipulation and online fraud. Recently, we discovered the Star Wars botnet, consisting of more than 350,000 bots tweeting random quotations exclusively from Star Wars novels. The bots were exposed because they tweeted uniformly from any location within two rectangle-shaped geographic zones covering Europe and the USA, includin...

A “botnet” consists of a network of compromised computers controlled by an attacker often called botmaster. Recently, botnets have become the root cause of many Internet attacks. To be well-prepared for future attacks, it is not only study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be develope...

In recent years, an increasing number of botnets use Domain Generation Algorithms (DGAs) to bypass botnet detection systems. DGAs, also referred as “domain fluxing”, has been used since 2004 for botnet controllers, and now become an emerging trend for malware. It can dynamically and frequently generate a large number of random domain names which are used to prevent security systems from detecti...

On November 11, 2008, the primary web hosting company, McColo, for the command and control servers of Srizbi botnet was shutdown by its upstream ISPs. Subsequent reports claimed that the volume of spam dropped significantly everywhere on that very same day. In this work, we aim to understand the world’s worst spamming botnet, Srizbi, and to study the effectiveness of targeting the botnet’s comm...

Peer-to-peer (P2P) botnets have become one of the major threats in network security for serving as the fundamental infrastructure that responsible for various cyber-crimes. More challenges are involved in the problem of detecting P2P botnets, despite a few existing works claimed to detect traditional botnets effectively. In this paper, we present Enhanced PeerHunter, a network-flow level botnet...

Botnet detection has attracted lots of attention since botnet attack is becoming one of the most serious threats on the Internet. But little work has considered the online detection. In this paper, we propose a novel approach that can monitor the botnet activities in an online way. We define the concept of “feature streams” to describe raw network traffic. If some feature streams show high simi...

Botnets, as networks of compromised “zombie” computers, represent one of the most serious security threats on the Internet today. This paper explores how machines compromised with bot malware can be identified at local and enterprise networks in accurate and time-efficient manner. The paper introduces a novel multi-level botnet detection approach that performs network traffic analysis of three ...