Abstract | ||
---|---|---|
Research into defense against botnets, especially countermeasures against the command and control (C&C) protocol, has become increasingly significant as several large-scale botnets have resulted in serious threats on the Internet. However, most existing research efforts lack safe and efficient analysis platforms for C&C protocol fuzzing. Moreover, owing to the complex triggering conditions of botnet behaviors, these analysis platforms are unable to discover some of the "potential" behaviors of bots. To be well prepared for future attacks, an increasing number of researchers have begun to study advanced botnet designs that could be developed by botmasters in the near future; however, they need a relatively closed and controllable environment designed by researchers to quantitatively evaluate the capabilities of these next-generation botnets. Consequently, we propose the Hybrid Botnet Ecological Environment (HBEE), which aims to make bots expose as many of their execution paths as possible, in order to mine the C&C protocol vulnerabilities of bots as well as to evaluate the capability of advanced botnets. Our design can also prevent bots from causing harm to the real Internet by malicious flow filtration and C&C server spoofing. Our preliminary results show that HBEE can observe communication actions and produce accurate and comprehensive data about botnet behaviors and advanced botnet capabilities. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1145/2660267.2662369 | ACM Conference on Computer and Communications Security |
Keywords | Field | DocType |
invasive software,botnet,vulnerability,c&c,hbee | Internet privacy,Ecological environment,Spoofing attack,Command and control,Srizbi botnet,Computer science,Computer security,Botnet,Asprox botnet,The Internet | Conference |
Citations | PageRank | References |
0 | 0.34 | 3 |
Authors | ||
3 |