Measuring Botnets in the Wild

Chang, Wentao; Mohaisen, Aziz; Wang, An; Chen, Songqing

doi:10.1145/2714576.2714637

Cited by 39 publications

(12 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Despite many previous attempts at botnet measurement [13,10,22,15,6] and botnet detection [8,12,16,7,18,9,23], little attention has been paid to attack prediction. There are many different motivations for attack prediction, such as predicting the DDoS start time of the next expected attack from a particular botnet family [21], blocking hostile traffic in the future by measuring an indicator of how likely it is that the network will contain compromised hosts [11],…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Empirical Study on Flow-based Botnet Attacks Prediction

Hatada¹,

Scholl²

2020

View full text Add to dashboard Cite

In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. In contrast, this study aims to predict botnet attacks, such as massive spam emails and distributed denial-of-service attacks. To that end, this empirical study presents a prediction method for botnet attacks. The method leverages measurement of command and control (C2) activities and automated labeling by associating C2 with attacks. The method was evaluated using a large-scale, real-world, and long-term dataset. The result shows that the proposed method can predict an increase in attacks with an accuracy of 0.767. The contribution to prediction was further analyzed in terms of features and time.

show abstract

Section: Related Workmentioning

confidence: 99%

“…A command and control (C2) server plays a significant role in a botnet: it sends commands to bots and receives outputs of bots while hiding a botmaster behind it. Despite many previous attempts at botnet measurement [13,10] and botnet detection [8,12,16,7], there is little research on predicting botnet attacks [4,5].…”

Section: Introductionmentioning

confidence: 99%

An Empirical Study on Flow-based Botnet Attacks Prediction

Hatada¹,

Scholl²

2020

View full text Add to dashboard Cite

show abstract

“…With botnets quickly becoming the one of the most prevalent threats on the Internet, the key threat we are most concerned with is ultimately the botmaster who commands a herd of bots. To communicate with their bots, botmasters typically use domain names as its C2 channel because they are easy to acquire and recycle .…”

Section: System Overviewmentioning

confidence: 99%

Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT

Spaulding

Park

Kim

et al. 2018

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

In this paper, we introduce DRIFT, a system for detecting command and control (C2) domain names in Internet of Things–scale botnets. Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference‐based lightweight feature for malicious C2 domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.

show abstract

“…Since their first appearance in 1990, botnets are considered one of the most serious threats against cyber-security. They are difficult to detect, hard to prevent, and their dimension can be as big as millions of infected machines worldwide [1].…”

Section: Introductionmentioning

confidence: 99%

Boten ELISA: A novel approach for botnet C&C in Online Social Networks

Compagno

Conti

Lain

et al. 2015

2015 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

The Command and Control (C&C) channel of modern botnets is migrating from traditional centralized solutions (such as the ones based on Internet Relay Chat and Hyper Text Transfer Protocol), towards new decentralized approaches. As an example, in order to conceal their traffic and avoid blacklisting mechanisms, recent C&C channels use peer-to-peer networks or abuse popular Online Social Networks (OSNs). A key reason for this paradigm shift is that current detection systems become quite effective in detecting centralized C&C. In this paper we propose ELISA (Elusive Social Army), a botnet that conceals C&C information using OSNs accounts of unaware users. In particular, ELISA exploits in a opportunistic way the messages that users exchange through the OSN. Furthermore, we provide our prototype implementation of ELISA. We show that several popular social networks can be maliciously exploited to run this type of botnet, and we discuss why current traffic analysis systems cannot detect ELISA. Finally, we run a thorough set of experiments that confirm the feasibility of our proposal. We have no evidence of any real-world botnets that use our technique to create C&C channels. However, we believe that finding out in advance potential new types of botnets will help to prevent possible future malevolent applications.

show abstract

Measuring Botnets in the Wild

Cited by 39 publications

References 16 publications

An Empirical Study on Flow-based Botnet Attacks Prediction

An Empirical Study on Flow-based Botnet Attacks Prediction

Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT

Boten ELISA: A novel approach for botnet C&C in Online Social Networks

Contact Info

Product

Resources

About