ANALYSIS OF BOTNETS THROUGH LIFE-CYCLE

R. A. Rodríguez-Gómez, G. Maciá-Fernández, P. García-Teodoro

2011

Abstract

Among all the existing threats to cybersecurity, botnets are clearly at the top of the list. Because of this importance, the research community has greatly increased its interest in the problem, and the number of publications on botnets has grown exponentially in recent years. We perform an analysis of botnets aimed at bringing order to all these research contributions. This analysis differs from previous contributions because it considers the problem of botnets from a global perspective, rather than studying only certain technical aspects such as the type of architecture, the protocols or the detection techniques. The starting point for this is the botnet life-cycle itself, understood as the sequence of stages that a botnet must successfully traverse in order to succeed. As a consequence of our study, we have deduced that interrupting any one of these stages makes it possible to thwart the purpose of a botnet and, thus, render it useless.


Paper Citation


in Harvard Style

Rodríguez-Gómez R., Maciá-Fernández G. and García-Teodoro P. (2011). ANALYSIS OF BOTNETS THROUGH LIFE-CYCLE. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 257-262. DOI: 10.5220/0003454402570262



in Bibtex Style

@conference{secrypt11,
author={R. A. Rodríguez-Gómez and G. Maciá-Fernández and P. García-Teodoro},
title={ANALYSIS OF BOTNETS THROUGH LIFE-CYCLE},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={257-262},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003454402570262},
isbn={978-989-8425-71-3},
}



in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - ANALYSIS OF BOTNETS THROUGH LIFE-CYCLE
SN - 978-989-8425-71-3
AU - Rodríguez-Gómez R.
AU - Maciá-Fernández G.
AU - García-Teodoro P.
PY - 2011
SP - 257
EP - 262
DO - 10.5220/0003454402570262

