Research and development of botnets

Ruan Jian Xue Bao/Journal of Software

Volumn 19, Issue 3, 2008, Pages 702-715

  Zhuge, Jian Wei ^a   Han, Xin Hui ^a   Zhou, Yong Lin ^b   Ye, Zhi Yuan ^a   Zou, Wei ^a  

^a PEKING UNIVERSITY   (China)

^b NATIONAL COMPUTER NETWORK EMERGENCY RESPONSE TECHNICAL TEAM COORDINATION CENTER OF CHINA   (China)

Author keywords

Bot; Botnet; Malware; Network security; Propagation model

Indexed keywords

COMPUTER CRIME; COMPUTER VIRUSES; COMPUTER WORMS; INTERNET; SECURITY OF DATA;

BOT; BOTNET; INFORMATION THEFT; MALWARE; PROPAGATION MODEL; SPAM;

NETWORK SECURITY;

EID: 41949123110     PISSN: 10009825     EISSN: None     Source Type: Journal    
DOI: 10.3724/SP.J.1001.2008.00702     Document Type: Article

References (44)

1. Geer D. Malicious bots threaten network security. IEEE Computer, 2005, 38(1): 18-20.
2. Lee WK, Wang C, Dagon D. Botnet Detection: Countering the Largest Security Threat. New York: Springer-Verlag, 2007.
3. Symantec Inc. Symantec Internet security threat report: Trends for January 06-June 06. Volume X. 2006. http://eval.symantec.com/
4. Symantec Inc. Symantec Internet security threat report: Trends for July 06-December 06. Volume XI. 2007. http://eval.symantec.com/
5. Zhuge JW, Han XH, Ye ZY, Zou W. Discover and track botnets. In: Proc. of the Chinese Symp. on Network and Information Security (NetSec 2005). 2005. 183-189. (in Chinese with English abstract). http://www.honeynet.org.cn/reports/
6. Zhuge JW, Han XH, Chen Y, Ye ZY, Zou W. Towards high level attack scenario graph through honeynet data correlation analysis. In: Proc. of the 7th IEEE Workshop on Information Assurance (IAW 2006). 2006. Piscataway: IEEE Computer Society Press. 2006. 215-222.
7. Zhuge JW, Han XH, Zhou YL, Song CY, Guo JP, Zou W. HoneyBow: An automated malware collection tool based on the high-interaction honeypot principle. Journal on Communications, 2007, 28(12): 8-13 (in Chinese with English abstract).
8. Han XH, Guo JP, Zhou YL, Zhuge JW, Cao DZ, Zou W. An investigation on the botnets activities. Journal on Communications, 2007, 28(12): 167-172. (in Chinese with English abstract).
9. Sun YD, Li D. Overview of botnet. Computer Applications, 2006, 26(7): 1628-1630 (in Chinese with English abstract).
10. Puri R. Bots and botnet: An overview. SANS White Paper. 2003. http://www.sans.org/reading_room/whitepapers/malicious/1299.php
11. McCarty B. Botnets: Big and bigger. IEEE Security and Privacy, 2003, 1(4): 87-90.
12. Bacher P, Holz T, Kotter M, Wicherski G. Know your enemy: Tracking botnets. 2005. http://www.honeynet.org/papers/bots
13. Rajab MA, Zarfoss J, Monrose F, Terzis A. A multifaceted approach to understanding the botnet phenomenon. In: Almeida JM, Almeida VAF, Barford P, eds. Proc. of the 6th ACM Internet Measurement Conf. (IMC 2006). Rio de Janeriro: ACM Press, 2006. 41-52.
14. Arce I, Levy E. An analysis of the slapper worm. IEEE Security and Privacy, 2003, 1(1): 82-87.
15. Barford P, Yegneswaran V. An inside look at botnets. In: Christodorescu M, Jha S, Maughan D, Song D, Wang C, eds. Advances in Information Security, Malware Detection, Vol.27. Springer-Verlag, 2007. http://www.springerlink.com/content/w4576m 3186524245/
16. Holz T. A short visit to the bot zoo. IEEE Security and Privacy, 2005, 3(3): 76-79.
17. Canavan J. The evolution of malicious IRC bots. In: Proc. of the 2005 Virus Bulletin Conf. (VB 2005). 2005. http://www.symantec.com/avcenter/reference/ the.evolution.of.malicious.irc.bots.pdf
18. Wen WP, Qing SH, Jiang JC, Wang YJ. Research and development of Internet worms. Journal of Software, 2004, 15(8): 1208-1219 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/15/1208.htm
19. Chiang K, Lloyd L. A case study of the rustock rootkit and spam bot. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
20. Daswani N, Stoppelman M, the Google Click Quality and Security Teams. The anatomy of Clickbot.A. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
21. Kalt C. RFC 2810: Internet relay chat: Architecture. RFC 2810, IETF, 2000.
22. Grizzard JB, Sharma V, Nunnery C. Peer-to-Peer botnets: Overview and case study. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
23. Wang P, Sparks S, Zou CC. An advanced hybrid peer-to-peer botnet. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
24. Vogt R, Aycock J, Jacobson MJ. Army of botnets. In: Proc. of the 14th Annual Network and Distributed System Security Conf. (NDSS). 2007. http://www.isoc.org/isoc/conferences/ndss/07/abstracts/54.shtml
25. Li J, Ehrenkranz T, Kuenning G, Reiher P. Simulation and analysis on the resiliency and efficiency of malnets. In: Proc. of the IEEE Symp. on Measurement, Modeling, and Simulation of Malware (MMSM 2005). Monterey: IEEE Computer Society Press, 2005. 262-269.
26. Zou CC, Gong W, Towsley D. Code red worm propagation modeling and analysis. In: Atluri V, ed. Proc. of the 9th ACM Conf. on Computer and Communications Security (CCS 2002). New York: ACM Press, 2002. 138-147.
27. Kim J, Radhakrishnan S, Dhall SK. Measurement and analysis of worm propagation on Internet network topology. In: Proc. of the IEEE Int'l Conf. on Computer Communications and Networks (ICCCN 2004). 2004. 495-500. http://ieeexplore.ieee.org/xpls/ abs_all.jsp? arnumber=1401716
28. Zou CC, Gong W, Towsley D. Worm propagation modeling and analysis under dynamic quarantine defense. In: Staniford S, ed. Proc. of the ACM CCS Workshop on Rapid Malcode (WORM 2003). New York: ACM Press, 2003. 51-60.
29. Dagon D, Zou CC, Lee W. Modeling botnet propagation using time zones. In: Proc. of the 13th Annual Network and Distributed System Security Symp. (NDSS 2006). 2006. http://www.isoc.org/isoc/conferences/ ndss/06/proceedings/papers/modeling_botnet_propagation.pdf
30. Zou CC, Towsley D, Gong W. On the performance of Internet worm scanning strategies. Elsevier Journal of Performance Evaluation, 2005, 63(7): 700-723.
31. Barford P, Blodgett M. Toward botnet mesocosms. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
32. Freiling F, Holz T, Wicherski G. Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks. In: Proc. of the 10th European Symp. on Research in Computer Security (ESORICS 2005). LNCS 3679, Milan: Springer-Verlag, 2005. 319-335.
33. Baecher P, Koetter M, Holz T, Dornseif M, Freiling FC. The nepenthes platform: An efficient approach to collect malware. In: Vimercati SD, Syverson P, eds. Proc. of the 9th Int'l Symp. on Recent Advances in Intrusion Detection (RAID). LNCS 4219, Springer-Verlag, 2006. 165-184.
34. Rajab MA, Zarfoss J, Monrose F, Terzis A. My botnet is bigger than yours (maybe, better than yours): Why size estimates remain challenging. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
35. Ramachandran A, Feamster N, Dagon D. Revealing botnet membership using DNSBL counter-intelligence. In: Proc. of the USENIX Workshop on Steps to Reducing Unwanted Traffic in the Internet (SRUTI 2006), Vol.2. Berkeley: USENIX Association, 2006. 8. http://portal.acm.org/citation.cfm? id=1251304&dl=&coll=
36. Binkley JR, Singh S. An algorithm for anomaly-based botnet detection. In: Proc. of the USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI 2006). 2006. 43-48. http://portal.acm.org/citation.cfm? id=1251296.1251303&coll=&dl=
37. Binkley JR. Anomaly-Based botnet server detection. In: Proc. of the FloCon 2006 Analysis Workshop. 2006. http://www.cert.org/flocon/2006/presentations/botnet0606.pdf
38. Strayer T, Walsh R, Livadas C, Lapsley D. Detecting botnets with tight command and control. In: Proc. of the 31st IEEE Conf. on Local Computer Networks (LCN'06). Tampa: IEEE Computer Society Press, 2006. 195-202.
39. Livadas C, Walsh B, Lapsley D, Strayer T. Using machine learning techniques to identify botnet traffic. In: Proc. of the 2nd IEEE LCN Workshop on Network Security. 2006. 967-974.
40. Goebel J, Holz T. Rishi: Identify bot contaminated hosts by IRC nickname evaluation. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
41. Karasaridis A, Rexroad B, Hoeflin D. Wide-Scale botnet detection and characterization. In: Proc. of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007). 2007. http://portal.acm.org/citation.cfm?
42. Gu G, Porras P, Yegneswaran V, Fong M, Lee W. BotHunter: Detecting malware infection through IDS-driven dialog correlation. In: Proc. of the 16th USENIX Security Symp. (Security 2007). 2007. http://www.usenix.org/events/sec07/tech/gu.html
43. Overton M. Bots and botnets: Risks, issues and prevention. In: Proc. of the 2005 Virus Bulletin Conf. 2005. http://momusings.com/papers/VB2005-Bots_and_Botnets-1.0.2.pdf
44. Ianelli N, Hackworth A. Botnets as a vehicle for online crime. In: Proc. of the 18th Annual FIRST Conf. 2006. http://www.cert.org/ archive/pdf/Botnets.pdf