Overbot

Starnberger, Guenther; Kruegel, Christopher; Kirda, Engin

doi:10.1145/1460877.1460894

Cited by 41 publications

(1 citation statement)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…. Historical development of steel grades and joining processes used for hydropower penstocks and steel-lined shafts in Central Europe [1], [2] At first, penstocks were made from plates and joined by riveting. During the 1920s the so-called water-gas welding procedure became suitable for the production of pipes.…”

mentioning

confidence: 99%

Development, experience and qualification of steel grades for hydropower conduits

2013

View full text Add to dashboard Cite

In this contribution the historical development of materials and applied welding procedures in the field of hydropower plant shafts and penstocks is summarized. Based on the experiences and failure cases observed in the past in combination with modern methods, a best practice solution for the qualification of materials and processes is proposed. Additionally to weldability based on strength and toughness, fracture mechanics, fatigue behaviour and stress corrosion sensitivity have to be considered. All these measures have to be validated by application of related advanced NDT processes.

show abstract

mentioning

confidence: 99%

Development, experience and qualification of steel grades for hydropower conduits

2013

View full text Add to dashboard Cite

show abstract

Bot detection evasion: a case study on local‐host alert correlation bot detection methods

Shirley

Babu

Mano

2012

Security Comm Networks

View full text Add to dashboard Cite

Botnets have continuously evolved since their inception as a malicious entity. Attackers come up with new botnet designs that exploit the weaknesses in existing defense mechanisms and continue to evade detection. It is necessary to analyze the weaknesses of existing defense mechanisms to find out the lacunae in them. This research exposes a weakness found in an existing bot detection method (BDM) by implementing a specialized P2P botnet model and carrying out experiments on it. Weaknesses that are found and validated can be used to predict the development path of botnets, and as a result, detection and mitigation measures can be implemented in a proactive fashion. The main contribution of this work is to demonstrate the exploitation pattern of an inherent weakness in local-host alert correlation (LHAC) based methods and to assert that current LHAC implementations could allow pockets of cooperative bots to hide in an enterprise size network. This work suggests that additional monitoring capabilities must be added to current LHAC-based methods in order for them to remain a viable bot detection mechanism. This paper takes a forward-looking approach and presents a specific botnet development path based on a weakness evident in a successful BDM. This BDM will be defined as a local-host alert correlation (LHAC) based method. Further, this paper elaborates on the design and implementation of a different model for P2P botnet communication and describes the experiments conducted. The experiments demonstrate that the proposed botnet model can effectively hide from an LHAC-based BDM without having to rely on additional communication hiding tactics.It is often necessary to create a "proof-of-concept" that validates that a given vulnerability is exploitable. Therefore, this botnet model is tested against BotHunter [7]. BotHunter is a successful LHAC-based BDM. BotHunter is able to map a host's behavior to a malware infection life-cycle in order to flag compromised hosts as malware. The covert-botnet model tested in this work is able to circumvent BotHunter, and is implemented with this specific intent. The concept behind this model is extensible. Slight modifications to the covert-botnet framework would enable it to hide from any LHAC-based BDM that does not have the ability to account for all of a local host's network activity. Any botnet that is able to, somehow, circumvent the monitoring points employed by a BDM would be able to avoid detection in a similar manner.

show abstract

Secure and transparent network traffic replay, redirect, and relay in a dynamic malware analysis environment

Lin

Shih

et al. 2013

Security Comm Networks

View full text Add to dashboard Cite

Dynamic analysis is typically performed in a closed network environment to prevent the malware under analysis from attacking machines on the Internet. However, many of today's malwares require Internet connectivity to operate and to be thoroughly analyzed in a closed network environment. We propose a secure and transparent network environment that allows the malware in a dynamic analysis environment to have seemingly unrestricted Internet access in a secure manner. Our environment transparently dispatches malicious network traffic to compatible decoys while allowing harmless control traffic to have Internet access. We use 12 real‐world malware samples, which involve Internet connections, to evaluate the effectiveness of the proposed environment. The evaluation shows that the proposed environment can allow malware to exhibit more network activities than a closed network environment and can even outperform the baseline open network environment in some cases. In the meantime, Internet security is maintained by the dispatching of attack and propagation traffic to decoys inside the analysis environment. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

Overbot

Cited by 41 publications

References 3 publications

Development, experience and qualification of steel grades for hydropower conduits

Development, experience and qualification of steel grades for hydropower conduits

Bot detection evasion: a case study on local‐host alert correlation bot detection methods

Secure and transparent network traffic replay, redirect, and relay in a dynamic malware analysis environment

Contact Info

Product

Resources

About