A survey on latest botnet attack and defense

Proc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on FCST 2011

Volumn , Issue , 2011, Pages 53-60

  Zhang, Lei ^a   Yu, Shui ^a   Wu, Di ^a   Watters, Paul ^b  

^a DEAKIN UNIVERSITY   (Australia)

^b UNIVERSITY OF BALLARAT   (Australia)

Author keywords

Botnet; Domain Fluxing; Fast Fluxing; Survey

Indexed keywords

BOTNET; BOTNETS; CYBER-ATTACKS; DDOS ATTACK; DETECTION METHODS; DOMAIN FLUXING; FAST FLUXING; FUTURE DIRECTIONS; MULTIPLE CRITERIA; NETWORK ATTACK; PHISHING; PRODUCTIVE TOOLS;

EMBEDDED SOFTWARE; EMBEDDED SYSTEMS; PERSONAL COMPUTING; SECURITY OF DATA; SURVEYS;

COMPUTER CRIME;

EID: 84862975193     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/TrustCom.2011.11     Document Type: Conference Paper

References (39)

1. H. Zeidanloo, M. Shooshtari, P. Amoli, M. Safari, and M. Zamani, "A taxonomy of botnet detection techniques," in Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on, vol. 2, july 2010, pp. 158 -162.
2. A. Ramachandran, N. Feamster, and G. Tech, "Understanding the network-level behavior of spammers," in Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications (2006), 2006, pp. 291-302.
3. D. Moore, G. Voelker, and S. Savage, "Inferring internet denial-of-service activity," in In Proceedings of the 10th Usenix Security Symposium, 2001, pp. 9-22.
4. S. Saroiu, S. D. Gribble, and H. M. Levy, "Measurement and analysis of spyware in a university environment." in NSDI. USENIX, 2004, pp. 141-153.
5. T. Holz, M. Engelberth, and F. C. Freiling, "Learning more about the underground economy: A case-study of keyloggers and dropzones." in ESORICS, M. Backes and P. Ning, Eds., vol. 5789. Springer, 2009, pp. 1-18.
6. Symantec, "Cutwails bounce-back; instant messages can lead to instant malware," http://www.messagelabs.com/mlireport, 2009.
7. P. Bacher, T. Holz, M. Kotter, and G. Wicherski, "Know your enemy: Tracking botnets," http://www.honeynet.org/papers/bots, 2008.
8. Y. Tang and S. Chen, "Defending against internet worms: a signature-based approach," in INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, vol. 2, march 2005, pp. 1384-1394 vol. 2.
9. C. Li, W. Jiang, and X. Zou, "Botnet: Survey and case study," in Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on, dec. 2009, pp. 1184-1187.
10. J. R. Binkley and S. Singh, "An algorithm for anomaly-based botnet detection," in Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2. USENIX Association, 2006, pp. 7-7.
11. A. Karasaridis, B. Rexroad, and D. Hoeflin, "Wide-scale botnet detection and characterization," in Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association, 2007, pp. 7-7.
12. M. Feily, A. Shahrestani, and S. Ramadass, "A survey of botnet and botnet detection," in Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on, june 2009, pp. 268-273.
13. S. Yu, S. Zhou, and S. Wang, "Fast-flux attack network identification based on agent lifespan," in Wireless Communications, Networking and Information Security (WCNIS), 2010 IEEE International Conference on, june 2010, pp. 658-662.
14. Honeynet, "How fast-flux service network work,"http://www. honeynet.org/node/132, 2008.
15. C. V. Zhou, C. Leckie, and S. Karunasekera, "Collaborative detection of fast flux phishing domains." JNW, vol. 4, no. 1, pp. 75-84, 2009.
16. P. Amini, "Kraken botnet infiltration,"http://dvlabs. tippingpoint.com/blog/2008/04/28/kraken-botnetinfiltration, 2008.
17. P. Porras, H. Saidi, and V. Yegneswaran, "A foray into conficker's logic and rendezvous points," in In LEET'09: Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats (2009), 2009.
18. J. Wolf, "Technical details of srizbi's domain generation algorithm,"http://blog.fireeye.com/research/2008/11/technical-details- ofsrizbis-domain-generation-algorithm.html, 2008.
19. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. A. Kemmerer, C. Kruegel, and G. Vigna, "Your botnet is my botnet: analysis of a botnet takeover." in ACM Conference on Computer and Communications Security. ACM, 2009, pp. 635-647.
20. T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling, "Measuring and detecting fast-flux service networks," in NDSS, 2008.
21. C. V. Zhou, C. Leckie, S. Karunasekera, and T. Peng, "A Self-healing, Self-protecting, Collaborative Intrusion Detection Architecture to Traceback Fast-flux Phishing Domains," in Proceedings of the 2nd IEEE Workshop on Autonomic Communication and Network Management, Apr. 2008.
22. A. Caglayan, M. Toothaker, D. Drapeau, D. Burke, and G. Eaton, "Real-time detection of fast flux service networks," in Conference For Homeland Security, 2009. CATCH '09., 2009, pp. 285-292.
23. R. Perdisci, I. Corona, D. Dagon, and W. Lee, "Detecting malicious flux service networks through passive analysis of recursive dns traces," in Computer Security Applications Conference, 2009. ACSAC '09. Annual, 2009, pp. 311 -320.
24. M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging," in Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association, 2007.
25. C. Kanich, K. Levchenko, B. Enright, G. M. Voelker, and S. Savage, "The heisenbot uncertainty problem: Challenges in separating bots from chaff." in LEET. USENIX Association, 2008.
26. J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, "Beyond blacklists: learning to detect malicious web sites from suspicious urls," in Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining. ACM, 2009, pp. 1245-1254.
27. S. S. Justin Ma, Lawrence Saul and G. Voelker, "Identifying suspicious urls: An application of large-scale online learning," in In Proc. of the International Conference on Machine Learning (ICML), 2009.
28. N. Jiang, J. Cao, Y. Jin, L. Li, and Z.-L. Zhang, "Identifying suspicious activities through dns failure graph analysis," in Network Protocols (ICNP), 2010 18th IEEE International Conference on, oct. 2010, pp. 144-153.
29. V. Pappas, D. Wessels, D. Massey, S. Lu, A. Terzis, and L. Zhang, "Impact of configuration errors on dns robustness," Selected Areas in Communications, IEEE Journal, vol. 27, pp. 275-290, 2009.
30. Z. Zhu, V. Yegneswaran, and Y. Chen, "Using failure information analysis to detect enterprise zombies." in SecureComm, vol. 19. Springer, 2009, pp. 185-206.
31. D. Plonka and P. Barford, "Context-aware clustering of dns query traffic," in Proceedings of the 8th ACM SIGCOMM conference on Internet measurement. ACM, 2008, pp. 217-230.
32. Y. Jin, E. Sharafuddin, and Z. L. Zhang, "Unveiling core network-wide communication patterns through application traffic activity graph decomposition,"in Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems. ACM, 2009, pp. 49-60.
33. P. Prakash, M. Kumar, R. Kompella, and M. Gupta, "Phishnet: Predictive blacklisting to detect phishing attacks," in INFOCOM, 2010 Proceedings IEEE, 2010, pp. 1-5.
34. S. Yadav, A. K. K. Reddy, A. N. Reddy, and S. Ranjan, "Detecting algorithmically generated malicious domain names," in Proceedings of the 10th annual conference on Internet measurement. ACM, 2010, pp. 48-61.
35. T. H. Project, "Know your enemy: Fast-flux service networks,"http://www.honeynet.org/papers/ff/, 2007.
36. J. Han, Data Mining: Concepts and Techniques. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 2005.
37. L. Rabiner and B. Juang, "An introduction to hidden markov models,"ASSP Magazine, IEEE, pp. 4-16, 1986.
38. L. Rabiner, "A tutorial on hidden markov models and selected applications in speech recognition," Proceedings of the IEEE, pp. 257-286, 1989.
39. P. Van Mieghem, Graph Spectra for Complex Networks. Cambridge press, 2011.