More Web Proxy on the site http://driver.im/

short-paper

Measuring Botnets in the Wild: Some New Trends

Authors:

Songqing ChenAuthors Info & Claims

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Pages 645 - 650

https://doi.org/10.1145/2714576.2714637

Published: 14 April 2015 Publication History

Abstract

Today, botnets are still responsible for most large scale attacks on the Internet. Botnets are versatile, they remain the most powerful attack platform by constantly and continuously adopting new techniques and strategies in the arms race against various detection schemes. Thus, it is essential to understand the latest of the botnets in a timely manner so that the insights can be utilized in developing more efficient defenses. In this work, we conduct a measurement study on some of the most active botnets on the Internet based on a public dataset collected over a period of seven months by a monitoring entity. We first examine and compare the attacking capabilities of different families of today's active botnets. Our analysis clearly shows that different botnets start to collaborate when launching DDoS attacks.

References

[1]

M. Abu Rajab, J. Zarfoss, F. Monrose, and A. Terzis. A multifaceted approach to understanding the botnet phenomenon. In IMC, 2006.

Digital Library

[2]

M. M. Andrade and N. Vlajic. Dirt jumper: A key player in today's botnet-for-ddos market. In WorldCIS. IEEE, 2012.

[3]

P. Bacher, T. Holz, M. Kotter, and G. Wicherski. Know your enemy: Tracking botnets. http://www.honeynet.org/papers/bots, 2005.

[4]

P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. Freiling. The nepenthes platform: An efficient approach to collect malware. In RAID, pages 165--184. Springer, 2006.

Digital Library

[5]

P. Barford and V. Yegneswaran. An inside look at botnets. In Malware Detection, pages 171--191. Springer, 2007.

[6]

H. Binsalleeh, T. Ormerod, A. Boukhtouta, P. Sinha, A. Youssef, M. Debbabi, and L. Wang. On the analysis of the zeus botnet crimeware toolkit. In PST, pages 31--38. IEEE, 2010.

[7]

J. Caballero, C. Grier, C. Kreibich, and V. Paxson. Measuring pay-per-install: The commoditization of malware distribution. In USENIX Security, 2011.

Digital Library

[8]

J. Caballero, P. Poosankam, C. Kreibich, and D. Song. Dispatcher: Enabling active botnet infiltration using automatic protocol reverse-engineering. In CCS, pages 621--634. ACM, 2009.

Digital Library

[9]

W. Chang, A. Wang, A. Mohaisen, and S. Chen. Characterizing botnets-as-a-service. In Proceedings of the 2014 ACM conference on SIGCOMM, pages 585--586. ACM, 2014.

Digital Library

[10]

C. Y. Cho, J. Caballero, C. Grier, V. Paxson, and D. Song. Insights from the inside: A view of botnet management from infiltration. In USENIX LEET, 2010.

Digital Library

[11]

N. Daswani, M. Stoppelman, the Google Click Quality, and S. Teams. The anatomy of clickbot.a. In USENIX HotBots, Cambridge, MA, April 2007.

Digital Library

[12]

C. P. L. David Dagon, Guofei Gu and W. Lee. A taxonomy of botnet structures. In ACSCA, 2007.

[13]

M. A. R. J. Z. Fabian and M. A. Terzis. My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. In USENIX HotBots, 2007.

[14]

J. Goebel and T. Holz. Rishi: Identify bot contaminated hosts by irc nickname evaluation. In USENIX HotBots, pages 8--8. Cambridge, MA, 2007.

Digital Library

[15]

J. B. Grizzard, V. Sharma, C. Nunnery, B. B. Kang, and D. Dagon. Peer-to-peer botnets: Overview and case study. In USENIX HotBots, pages 1--1, 2007.

Digital Library

[16]

G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. Bothunter: Detecting malware infection through ids-driven dialog correlation. In USENIX Security, page 12, 2007.

Digital Library

[17]

G. Gu, J. Zhang, and W. Lee. Botsniffer: Detecting botnet command and control channels in network traffic. In NDSS, 2008.

[18]

T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. C. Freiling. Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. In USENIX LEET, volume 8, pages 1--9, 2008.

Digital Library

[19]

Info Security Magazine. Spamhaus suffers largest ddos attack in history - entire internet affected. http://bit.ly/1bfx3ZH, March 2013.

[20]

L. Jing, X. Yang, G. Kaveh, D. Hongmei, and Z. Jingyuan. Botnet: classification, attacks, detection, tracing, and preventive measures. EURASIP JWCN, 2009.

Digital Library

[21]

A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In USENIX HotBots, volume 7. Cambridge, MA, 2007.

Digital Library

[22]

A. Moshchuk, T. Bragin, D. Deville, S. Gribble, and H. Levy. Spyproxy: Execution-based detection of malicious web content. In USENIX Security, 2007.

Digital Library

[23]

J. Nazario. Blackenergy ddos bot analysis. Arbor, 2007.

[24]

S. Shin and G. Gu. Conficker and beyond: a large-scale empirical study. In ACSAC, pages 151--160. ACM, 2010.

Digital Library

[25]

E. Stinson and J. C. Mitchell. Characterizing the remote control behavior of bots. In DIMVA, 2007.

Digital Library

[26]

Team Cymru. Team cymru community services. http://www.team-cymru.org/Monitoring/, May 2013.

[27]

P. Wang, S. Sparks, and C. C. Zou. An advanced hybrid peer-to-peer botnet. TDSC, 7(2):113--127, 2010.

Digital Library

[28]

Z. Zhu, G. Lu, Y. Chen, Z. Fu, P. Roberts, and K. Han. Botnet research survey. In COMPSAC, pages 967--972. IEEE, 2008.

Digital Library

Cited By

Famera AShukla RBhunia S(2024)Cross Device Federated Intrusion Detector for Early Stage Botnet Propagation in IoT2024 IEEE International Systems Conference (SysCon)10.1109/SysCon61195.2024.10553450(1-8)Online publication date: 15-Apr-2024
https://doi.org/10.1109/SysCon61195.2024.10553450
Lyu MHabibi Gharakheili HSivaraman V(2024)A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack DetectionIEEE Access10.1109/ACCESS.2024.341906812(89363-89383)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3419068
Faulkenberry AAvgetidis AMa ZAlrawi OLever CKintis PMonrose FKeromytis AAntonakakis M(2022)View from Above: Exploring the Malware Ecosystem from the Upper DNS HierarchyProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3564646(240-250)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3564646
Show More Cited By

Index Terms

Measuring Botnets in the Wild: Some New Trends

Recommendations

Your botnet is my botnet: analysis of a botnet takeover
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security problems on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is ...
Correlation Analysis between Spamming Botnets and Malware Infected Hosts
SAINT '11: Proceedings of the 2011 IEEE/IPSJ International Symposium on Applications and the Internet

Many of recent cyber attacks are being launched by botnets for the purpose of carrying out large-scale cyber attacks such as spam emails, Distributed Denial of Service (DDoS), network scanning and so on. In many cases, these botnets consist of a lot of ...
Spamming botnets: signatures and characteristics

In this paper, we focus on characterizing spamming botnets by leveraging both spam payload and spam server traffic properties. Towards this goal, we developed a spam signature generation framework called AutoRE to detect botnet-based spam emails and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

April 2015

698 pages

ISBN:9781450332453

DOI:10.1145/2714576

General Chairs:
Feng Bao
Huawei Technologies Pte Ltd, Singapore
,
Steven Miller
Singapore Management University, Singapore
,
Program Chairs:
Jianying Zhou
Institute for Infocomm Research, Singapore
,
Gail-Joon Ahn
Arizona State University, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 April 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

National Science Foundation

Conference

ASIA CCS '15

Sponsor:

SIGSAC

ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security

April 14 - March 17, 2015

Singapore, Republic of Singapore

Acceptance Rates

ASIA CCS '15 Paper Acceptance Rate 48 of 269 submissions, 18%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

29
Total Citations
View Citations
609
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)6

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Famera AShukla RBhunia S(2024)Cross Device Federated Intrusion Detector for Early Stage Botnet Propagation in IoT2024 IEEE International Systems Conference (SysCon)10.1109/SysCon61195.2024.10553450(1-8)Online publication date: 15-Apr-2024
https://doi.org/10.1109/SysCon61195.2024.10553450
Lyu MHabibi Gharakheili HSivaraman V(2024)A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack DetectionIEEE Access10.1109/ACCESS.2024.341906812(89363-89383)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3419068
Faulkenberry AAvgetidis AMa ZAlrawi OLever CKintis PMonrose FKeromytis AAntonakakis M(2022)View from Above: Exploring the Malware Ecosystem from the Upper DNS HierarchyProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3564646(240-250)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3564646
Xu ZRamanathan SRush AMirkovic JYu MBianchi GMei A(2022)XatuProceedings of the 18th International Conference on emerging Networking EXperiments and Technologies10.1145/3555050.3569121(1-17)Online publication date: 30-Nov-2022
https://dl.acm.org/doi/10.1145/3555050.3569121
Hajimaghsoodi MJalili R(2022)RAD: A Statistical Mechanism Based on Behavioral Analysis for DDoS Attack CountermeasureIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.317259817(2732-2745)Online publication date: 2022
https://doi.org/10.1109/TIFS.2022.3172598
Al-Shareeda MManickam SSaare MKaruppayah SAlazzawi M(2022)Detection Mechanisms for Peer-to-Peer Botnets: A Comparative Study2022 8th International Conference on Contemporary Information Technology and Mathematics (ICCITM)10.1109/ICCITM56309.2022.10031860(267-272)Online publication date: 31-Aug-2022
https://doi.org/10.1109/ICCITM56309.2022.10031860
Bederna ZSzádeczky T(2021)Effects of botnets – a human-organisational approachSecurity and Defence Quarterly10.35467/sdq/13858835:3(25-44)Online publication date: 1-Jul-2021
https://doi.org/10.35467/sdq/138588
Gosain DRawat MSharma PAcharya H(2020)Maginot Lines and Tourniquets: On the Defendability of National Cyberspace2020 IEEE 45th LCN Symposium on Emerging Topics in Networking (LCN Symposium)10.1109/LCNSymposium50271.2020.9363273(19-30)Online publication date: 17-Nov-2020
https://doi.org/10.1109/LCNSymposium50271.2020.9363273
Abusnaina AAbuhamad MNyang DChen SWang AMohaisen D(2020)Insights into Attacks’ Progression: Prediction of Spatio-Temporal Behavior of DDoS AttacksInformation Security Applications10.1007/978-3-030-65299-9_27(362-374)Online publication date: 9-Dec-2020
https://doi.org/10.1007/978-3-030-65299-9_27
McDaniel TSmith JSchuchard M(2020)The Maestro Attack: Orchestrating Malicious Flows with BGPSecurity and Privacy in Communication Networks10.1007/978-3-030-63086-7_7(97-117)Online publication date: 12-Dec-2020
https://doi.org/10.1007/978-3-030-63086-7_7
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents