Using uncleanliness to predict future botnet addresses

Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Volumn , Issue , 2007, Pages 93-104

  Collins, M Patrick ^a   Shimeall, Timothy J ^a   Faber, Sidney ^a   Janies, Jeff ^a   Weaver, Rhiannon ^a   De Shon, Markus ^a   Kadane, Joseph B ^b  

^a CERT Network Situational Awareness Group   (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Blacklists; Botnets; Reputation management

Indexed keywords

(PL) PROPERTIES; BOTNETS; DATA-SETS; INTERNET MEASUREMENTS; PHISHING;

INTERNET; SEMICONDUCTING INTERMETALLICS; SPAMMING;

SCANNING;

EID: 42149173109     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1298306.1298319     Document Type: Conference Paper

References (24)

1. th, 2007.
2. M. Collins, C. Gates, and G. Kataria. A model for opportunistic network exploits: The case of P2P worms. In Proceedings of the 2006 Workshop on Economics and Information Security, 2006.
3. M. Collins and M. Reiter. An empirical analysis of target-resident DoS filters. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, 2004. May 9 - 12, 2004.
4. D. Cook, J. Hartnett, K. Manderson, and J. Scanlan. Catching spam before it arrives: domain specific dynamic blacklists. In ACSW Frontiers '06: Proceedings of the 2006 Australasian workshops on Grid computing and e-research, Darlinghurst, Australia, Australia, 2006.
5. F. Freiling, T. Holz, and G. Wicherski. Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks. In Proceedings of the 2005 European Symposium on Research in Computer Security, 2005.
6. C. Gates, J. McNutt, J. Kadane, and M. Kellner. Detecting scans at the ISP level. Technical Report CMU/SEI-2006-TR-005, Software Engineering Institute, 2006.
7. C. Gates, J. McNutt, J. Kadane, and M. Kellner. Scan detection on very large networks using logistic regression modeling. In ISCC '06: Proceedings of the 11th IEEE Symposium on Computers and Communications, Washington, DC, USA, 2006.
8. T. Holz. Learning more about attack patterns with honeypots. In Sicherheit 2006: Sicherheit - Schutz und Zuverlässigkeit, Beiträge der 3. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.v. (GI), 20.-22. Februar 2006 in Magdeburg, 2006.
9. T. Holz, S. Marechal, and F. Raynal. New threats and attacks on the world wide web. IEEE Security & Privacy, 4(2), 2006.
10. J. Jung, B. Krishnamurthy, and M. Rabinovich. Flash crowds and denial of service attacks: Characterization and implications for CDNs and web sites. In Proceedings of the International World Wide Web Conference, May 2002.
11. J. Jung, V. Paxson, A. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In IEEE Symposium on Security and Privacy 2004, Oakland, CA, May 2004.
12. J. Jung and E. Sit. An empirical study of spam traffic and the use of DNS black lists. In IMC '04: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, New York, NY, USA, 2004.
13. E. Kohler, J. Li, V. Paxson, and S. Shenker. Observed structure of addresses in IP traffic. IEEE/ACM Transactions on Networking, 14(6), 2006.
14. B. Krishnamurthy and J. Wang. On network-aware clustering of web clients. In Proceedings of the 2000 A CM Special Interest Group in Communications SIGCOMM Conference, 2000.
15. B. Laurie and R. Clayton. Proof-of-work proves not to work. In Proceedings of the 2004 Workshop on Economics and Information Security, 2004.
16. E. Levy. The making of a spam zombie army: Dissecting the sobig worms. IEEE Security and Privacy, 1(4), 2003.
17. John McHugh and Carrie Gates. Locality: A new paradigm for thinking about normal behavior and outsider threat. In Proceedings of the 2003 New Security Paradigms Workshop, Ascona, Switzerland, 2003. August 18-21, 2003.
18. J. Mirkovic, G. Prier, and P. Reiher. Attacking DDoS at the source. In ICNP '02: Proceedings of the 10th IEEE International Conference on Network Protocols, Washington, DC, USA, 2002.
19. K. Plößl, H. Federrath, and T. Nowey. Protection mechanisms against phishing attacks. In Proceedings of the second annual conference on Trust, Privacy and Security in Digital Business, volume 3592 of Lecture Notes in Computer Science, August 2005.
20. th, 2007.
21. M. Rajand, J. Zarfoss, F. Monrose, and A. Terzis. A multifaceted approach to understanding the botnet phenomenon. In Proceedings of the 2006 A CM Internet Measurement Conference, 2006.
22. A. Ramachandran, N. Feamster, and D. Dagon. Revealing botnet membership using DNSBL counter-intelligence. In Proceedings of the 2006 USENIX workshop on steps for reducing unwanted traffic on the internet (SRUTI), 2006.
23. Bleeding Edge Threats. Bleeding snort ruleset. Available at http://www.bleedingsnort.com/index. php/about-bleeding-edge-threats/ all-bleeding-edge-threats-signatures/, Fetched on January 29th, 2007.
24. P. Walt. Agencies feel botnets' light footprint. Government Computer News, January 2007.