RB-Seeker: Auto-detection of Redirection Botnets∗

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009

Volumn , Issue , 2009, Pages

  Hu, Xin ^a   Knysz, Matthew ^a   Shin, Kang G ^a  

^a UNIVERSITY OF MICHIGAN   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; INTERNET PROTOCOLS; NETWORK SECURITY; QUERY PROCESSING;

AUTO-DETECTION; AUTOMATIC DETECTION; BEHAVIOR-BASED; BOTMASTER; BOTNETS; DESIGN EVALUATION; DESIGN IMPLEMENTATION; EDGE ROUTERS; SEQUENTIAL HYPOTHESIS TESTING; SPAM E-MAILS;

BOTNET;

EID: 84908346958     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (34)

1. Capture-hpc. https://projects.honeynet.org/capture-hpc/.
2. Free url redirection services. http://www.emailaddresses.com/email url.htm.
3. Gnu wget. http://www.gnu.org/software/wget/.
4. Kolmogorov-smirnov test. http://www.physics.csbsju.edu/stats/KS-test.html.
5. Netflow. http://www.cisco.com/en/US/products/ps6601/products ios protocol group home.html.
6. M. Afergan, J. Wein, and A. LaMeyer. Experience with some principles for building an internet-scale reliable system. In WORLDS’05: Proceedings of the 2nd conference on Real, Large Distributed Systems, pages 1–6, Berkeley, CA, USA, 2005. USENIX Association.
7. D. S. Anderson, C. Fleizach, S. Savage, and G. M. Voelker. Spamscatter: characterizing internet scam hosting infrastructure. In SS’07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pages 1–14, Berkeley, CA, USA, 2007. USENIX Association.
8. M. Bailey, E. Cooke, F. Jahanian, and J. Nazario. The internet motion sensor - a distributed blackhole monitoring system. In NDSS, 2005.
9. J. R. Binkley and S. Singh. An algorithm for anomaly-based botnet detection. In SRUTI’06: Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, pages 7–7, Berkeley, CA, USA, 2006. USENIX Association.
10. F. Boldewint. Peacomm.c - cracking the nutshell. http://www.reconstructer.org/, September 2007.
11. K. Chellapilla and A. Maykov. A taxonomy of javascript redirection spam. In AIRWeb’07: Proceedings of the 3rd international workshop on Adversarial information retrieval on the web, pages 81–88, New York, NY, USA, 2007. ACM.
12. Cisco System Inc. Ironport. http://www.ironport.com/ technology/ironport antispam.html, 2007.
13. Cisco System Inc. P-cube. http://www.pcube.com/solutions/index.shtml, 2007.
14. E. Cooke, F. Jahanian, and D. McPherson. The zombie roundup: understanding, detecting, and disrupting botnets. In SRUTI’05: Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, pages 6–6, Berkeley, CA, USA, 2005. USENIX Association.
15. D. Dagon, C. Zou, and W. Lee. Modeling botnet propagation using time zones. In Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS’06), February 2006.
16. G. Fumera, I. Pillai, and F. Roli. Spam filtering based on the analysis of text information embedded into images. J. Mach. Learn. Res., 7:2699–2720, 2006.
17. J. Goebel and T. Holz. Rishi: identify bot contaminated hosts by irc nickname evaluation. In HotBots’07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, pages 8–8, Berkeley, CA, USA, 2007. USENIX Association.
18. J. B. Grizzard, V. Sharma, C. Nunnery, B. B. Kang, and D. Dagon. Peer-to-peer botnets: overview and case study. In HotBots’07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, pages 1–1, Berkeley, CA, USA, 2007. USENIX Association.
19. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. Bothunter: detecting malware infection through ids-driven dialog correlation. In SS’07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pages 1–16, Berkeley, CA, USA, 2007. USENIX Association.
20. G. Gu, J. Zhang, and W. Lee. BotSniffer: Detecting botnet command and control channels in network traffic. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS’08), February 2008.
21. B. Guenter. Spam archive. http://untroubled.org/spam/.
22. T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling. Measuring and detectin fast-flux service networks. In In Proc. network and Distributed System Security (NDSS) Symposium, 2008.
23. Honeynet Project. Know you enemy: Tracking botnets. http://www.honeynet.org/papers/bots, 2005.
24. D. R. J. Oikarinen. Internet relay chat (irc) protocol. IETF, Request for Comments (RFC) 1459, May 1993.
25. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In IEEE Symposium on Security and Privacy 2004, Oakland, CA, May 2004.
26. A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In HotBots’07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, pages 7–7, Berkeley, CA, USA, 2007. USENIX Association.
27. H. Project. Know you enemy: Fast-flux service networks. http://www.honeynet.org/papers/ff/fast-flux.html, 2007.
28. M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis. A multifaceted approach to understanding the botnet phenomenon. In IMC’06: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pages 41–52, New York, NY, USA, 2006. ACM.
29. Syamentec Corp. Norton safe web, report for livefilestore.com. https://safeweb.norton.com/report/show?name=livefilestore.com.
30. A. Wald. Sequential tests of statistical hypotheses. The Annals of Mathematical Statistics, 16(2):117–186, June 1945.
31. P. Wang, S. Sparks, and C. C. Zou. An advanced hybrid peer-to-peer botnet. In HotBots’07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, pages 2–2, Berkeley, CA, USA, 2007. USENIX Association.
32. Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King. Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In In Proc. network and Distributed System Security (NDSS) Symposium, 2006.
33. B. Wu and B. Davison. Cloaking and redirection: A preliminary study, 2005.
34. V. Yegneswaran, P. Barford, and V. Paxon. Using honeynets for internet situational awareness. In HOTNETS, 2005.