BotGrep: finding P2P bots with structured graph analysis

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

BotGrep: finding P2P bots with structured graph analysis
Botnet
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 /
Editor/Conference
Link http://static.usenix.org/events/sec10/tech/full papers/Nagaraja.pdf (Archive copy)
Author Shishir Nagaraja, Prateek Mittal, Chi-yao Hong, Matthew Caesar, Nikita Borisov
Type

Abstract

A key feature that distinguishes modern botnets from earlier counterparts is their increasing use of structured overlay topologies. This lets them carry out sophisticated coordinated activities while being resilient to churn, but it can also be used as a point of detection. In this work, we devise techniques to localize botnet members based on the unique communication patterns arising from their overlay topologies used for command and control. Experimental results on synthetic topologies embedded within Internet traffic traces from an ISP’s backbone network indicate that our techniques (i) can localize the majority of bots with low false positive rate, and (ii) are resilient to incomplete visibility arising from partial deployment of monitoring systems and measurement inaccuracies from dynamics of background traffic.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1048,
   editor = {},
   author = {Shishir Nagaraja, Prateek Mittal, Chi-yao Hong, Matthew Caesar, Nikita Borisov},
   title = {BotGrep: finding P2P bots with structured graph analysis},
   date = {28},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://static.usenix.org/events/sec10/tech/full_papers/Nagaraja.pdf}},
 }