In this paper we propose an architecture for using crossorganization information sharing to identify members of a group of hosts enslaved for malicious purposes on the Internet. We root our system in so-called “detectives”— savvy network monitors like sophisticated intrusion detection systems or honeyfarms that have a deep understanding of malicious behavior. We augment information from these d...
