Symptoms-based detection of bot processes

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6258 LNCS, Issue , 2010, Pages 229-241

  Morales, Jose Andre ^a   Kartaltepe, Erhan ^a   Xu, Shouhuai ^a,b   Sandhu, Ravi ^a,b  

^a UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

^b Science Building   (United States)

Author keywords

Behavior based detection; Bot process; Botnet detection; Process symptom; Symptom based detection

Indexed keywords

BEHAVIOR-BASED DETECTION; BOT PROCESS; BOTNET DETECTION; PROCESS SYMPTOM; SYMPTOM-BASED DETECTION;

COMPUTER ARCHITECTURE; INTERNET; MATHEMATICAL MODELS; NETWORK ARCHITECTURE;

NETWORK SECURITY;

EID: 78649303220     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-14706-7_18     Document Type: Conference Paper

References (18)

1. Collins, M.P., Shimeall, T.J., Faber, S., Janies, J., Weaver, R., De Shon, M., Kadane, J.: Using uncleanliness to predict future botnet addresses. In: IMC 2007: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 93-104. ACM, New York (2007)
2. Dagon, D., Gu, G., Lee, C.P., Lee, W.: A taxonomy of botnet structures. In: Computer Security Applications Conference, Annual, pp. 325-339 (2007)
3. Filiol, E.: Computer Viruses: from Theory to Applications. IRIS International series. Springer, Heidelberg (2005), iSBN 2-287-23939-1
4. Goebel, J., Holz, T.: Rishi: identify bot contaminated hosts by irc nickname evaluation. In: HotBots 2007: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, p. 8. USENIX Association, Berkeley (2007)
5. Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the 17th USENIX Security Symposium, Security 2008 (2008)
6. Gu, G., Zhang, J., Lee, W.: BotSniffer: Detecting botnet command and control channels in network traffic. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 2008) (February 2008)
7. Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. In: LEET 2008: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, pp. 1-9. USENIX Association, Berkeley (2008)
8. Hu, X., Knysz, M., Shin, K.G.: Rb-seeker: Auto-detection of redirection botnets. In: 16th Annual Network and Distributed System Security Symposium (2009)
9. Husse, C.: Easyhook 2.6, http://www.codeplex.com/easyhook
10. Mamaladze, G.: Globalhook, http://www.codeproject.com/KB/cs/globalhook. aspx
11. Morales, J.A., Clarke, P.J., Deng, Y., Kibria, B.G.: Identification of file infecting viruses through detection of self-reference replication. Journal in Computer Virology Special EICAR Conference Invited Paper Issue (2008)
12. Nazario, J., Holz, T.: As the net churns: Fast-flux botnet observations. In: 3rd International Conference onMalicious and Unwanted Software, MALWARE 2008, pp. 24-31 (2008)
13. Remote dll injection application, http://www.novell.com/coolsolutions/ tools/17354.html
14. Sigcheck 1.6, http://technet.microsoft.com/en-us/sysinternals/bb897441. aspx
15. Sun, H.M., Tseng, Y.T., Lin, Y.H., Chiang, T.J.: Detecting the code injection by hooking system calls in windows kernel mode. In: 2006 International Computer Symposium, ICS 2006 (2006)
16. Szor, P.: The Art of Computer Virus Research and Defense. Symantec Press & Addison-Wesley (2005)
17. Witten, I.H., Frank, E.: Data Mining: Practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, San Francisco (2005)
18. Zhu, Z., Yegneswaran, V., Chen, Y.: Using failure information analysis to detect enterprise zombies. In: 5th International ICST Conference on Security and Privacy in Communication Networks, Securecomm 2009 (2009)