Challenges in experimenting with botnet detection systems

4th Workshop on Cyber Security Experimentation and Test, CSET 2011

Volumn , Issue , 2011, Pages

  Aviv, Adam J ^a   Haeberlen, Andreas ^a  

^a UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK SECURITY;

BOTNET DETECTIONS; DATA SCARCITY; GROUND TRUTH; LARGE-SCALE DISTRIBUTED SYSTEM; PLANETLAB; PRIVACY CONCERNS; QUANTITATIVE COMPARISON; REAL NETWORKS;

BOTNET;

EID: 85084161642     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (50)

1. P. Bächer, T. Holz, M. Kötter, and G. Wicherski. Know Your Enemy: Tracking Botnets. Technical report, The Honeynet Project, Aug. 2008.
2. M. Barbaro and T. Zeller. A face is exposed for AOL searcher no. 4417749. The New York Times, Aug. 2006. http://www.nytimes.com/2006/08/09/technology/09aol.html.
3. V. Berk, G. Bakos, and R. Morris. Designing a framework for active worm detection on global networks. In 1st IEEE International Workshop on Information Assurance (IWIAS), Mar. 2003.
4. CAIDA. http://www.caida.org/.
5. H. Choi, H. Lee, and H. Kim. BotGAD: detecting botnets by capturing group activities in network traffic. In 4th International ICST Conference on Communication System Software and Middleware (COMSWARE), June 2009.
6. H. Choi, H. Lee, H. Lee, and H. Kim. Botnet Detection by Monitoring Group Activities in DNS Traffic. In 7th IEEE International Conference on Computer and Information Technology (CIT), Oct. 2007.
7. B. Coskun and S. Dietrich. Friends of An Enemy: Identifying Local Members of Peer-to-Peer Botnets Using Mutual Contacts. In 26th Annual Computer Security Applications Conferenec (ACSAC), Dec. 2010.
8. Cyber-TA. http://cyber-ta.org/.
9. M. Dischinger, A. Haeberlen, I. Beschastnikh, K. P. Gummadi, and S. Saroiu. SatelliteLab: Adding heterogeneity to planetary-scale network testbeds. In ACM SIGCOMM Conference, Aug 2008.
10. D. R. Ellis, J. G. Aiken, K. S. Attwood, and S. D. Tenaglia. A behavioral approach to worm detection. In ACM Workshop on Rapid Malcode (WORM), Oct. 2004.
11. J. Goebel and T. Holz. Rishi: Identify bot contaminated host by IRC nickname evaluation. In 1st USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Apr. 2007.
12. B. S. Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. Your botnet is my botnet: Analysis of a botnet takeover. In 16th ACM conference on Computer and Communications Security (CCS), Nov. 2009.
13. G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In 17th USENIX Security Symposium, July 2008.
14. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In 16th USENIX Security Symposium, Aug. 2007.
15. G. Gu, J. Zhang, and W. Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In 16th Network and Distributed System Security Symposium (NDSS), Feb. 2008.
16. T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling. Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm. In 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), Apr. 2008.
17. Honey@home. http://www.honeyathome.org/.
18. M. Jelasity and V. Bilicki. Towards automated detection of peer-to-peer botnets: on the limits of local approaches. In 2nd USENIX Conference on Large-scale Exploits and Emergent Threats (LEET), Apr. 2009.
19. C. Kanich, K. Levchenko, B. Enright, G. M. Voelker, and S. Savage. The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff. In 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), Apr. 2008.
20. A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In 1st USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Apr. 2007.
21. D. Kotz and T. Henderson. CRAWDAD: A community resource for archiving wireless data at Dartmouth. http: //crawdad.cs.dartmouth.edu/.
22. C. P. Lee. Framework for Botnet Emulation and Analysis. PhD thesis, Georgia Institute of Technology, Atlanta, Georgia, May 2009.
23. C. Livadas, R. Walsh, D. Lapsley, and W. T. Strayer. Using Machine Learning Techniques to Identify Botnet Traffic. In 31st Annual IEEE Conference on Local Computer Networks (LCN), Nov. 2006.
24. W. Lu, G. Rammidi, and A. A. Ghorbani. Clustering botnet communication traffic based on n-gram feature selection. Computer Communications, 34(3):502–514, Mar. 2011.
25. W. Lu, M. Tavallaee, and A. A. Ghorbani. Automatic discovery of botnet communities on large-scale communication networks. In 4th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Mar. 2009.
26. A. G. Miklas, S. Saroiu, A. Wolman, and A. D. Brown. Bunker: a privacy-oriented platform for network tracing. In 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Apr. 2009.
27. J. C. Mogul and M. Arlitt. SC2D: An alternative to trace anonymization. In SIGCOMM Workshop on Mining Network Data (MineNet), Sept. 2006.
28. S. Nagaraja, P. Mittal, C. Y. Hong, M. Caesar, and N. Borisov. BotGrep: Finding P2P Bots with Structured Graph Analysis. In USENIX Security Symposium, Aug. 2010.
29. A. Narayanan and V. Shmatikov. Robust deanonymization of large sparse datasets. In 29th IEEE Symposium on Security and Privacy, May 2008.
30. L. Peterson, A. Bavier, M. E. Fiuczynski, and S. Muir. Experiences building PlanetLab. In 7th Symposium on Operating Systems Design and Implementation (OSDI), Nov. 2006.
31. Protected Repository for the Defense of Infrastructure Against Cyber Threats. http://www.predict.org.
32. H. Pucha, Y. C. Hu, and Z. M. Mao. On the impact of research network based testbeds on wide-area experiments. In 6th ACM SIGCOMM Conference on Internet Measurement (IMC), Oct. 2006.
33. M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis. My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. In 1st USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Apr. 2007.
34. A. Ramachandran, N. Feamster, and D. Dagon. Revealing botnet membership using DNSBL counter-intelligence. In 2nd USENIX Conference on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), July 2006.
35. J. Reed, A. J. Aviv, D. Wagner, A. Haeberlen, B. C. Pierce, and J. M. Smith. Differential privacy for collaborative security. In 3rd European Workshop on System Security (EuroSec), Apr. 2010.
36. K. Rieck, G. Schwenk, T. Limmer, T. Holz, and P. Laskov. Botzilla: Detecting the”phoning home” of malicious software. In 25th ACM Symposium on Applied Computing (SAC), Mar. 2010.
37. Shadowserver. http://shadowserver.org/.
38. N. Spring, L. Peterson, A. Bavier, and V. Pai. Using PlanetLab for network research: myths, realities, and best practices. SIGOPS Operating Systems Review, 40(1):17–24, Jan. 2006.
39. E. Stinson and J. C. Mitchell. Towards systematic evaluation of the evadability of bot/botnet detection methods. In 2nd USENIX Workshop on Offensive Technologies (WOOT), July 2008.
40. B. Stone-Gross, T. Holz, G. Stringhini, and G. Vigna. The underground economy of Spam: A botmaster’s perspective of coordinating large-scale Spam campaigns. In 4th USENIX Workshop on Large-Scale Exploits and Emerging Threats (LEET), Mar. 2011.
41. W. T. Strayer, R. Walsh, C. Livads, and D. Lapsley. Detecting Botnets with Tight Command and Control. In 31st IEEE Conference on Local Computer Networks (LCN), Nov. 2006.
42. K. V. Vishwanath and A. Vahdat. Swing: Realistic and responsive network traffic generation. IEEE/ACM Transactions on Networking, 17(3):712–725, June 2009.
43. VX Heavens. http://vx.netlux.org/.
44. M. C. Weigle, P. Adurthi, F. Hernández-Campos, K. Jeffay, and F. D. Smith. Tmix: a tool for generating realistic tcp application workloads in ns-2. SIGCOMM Computer Communication Review, 36:65–76, July 2006.
45. P. Wurzinger, L. Bilge, T. Holz, J. Goebel, C. Kruegel, and E. Kirda. Automatically Generating Models for Botnet Detection. In 14th European Symposium on Research in Computer Security (ESORICS). Sept. 2009.
46. T.-F. Yen and M. K. Reiter. Traffic aggregation for malware detection. In 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), July 2008.
47. T.-F. Yen and M. K. Reiter. Are Your Hosts Trading or Plotting? Telling P2P File-Sharing and Bots Apart. In 30th International Conference on Distributed Computing Systems (ICDCS), June 2010.
48. N. Zeldovich, S. Boyd-Wickizer, and D. Mazières. Securing distributed systems with information flow control. In 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Apr. 2008.
49. U. Zhang, X. Luo, R. Perdisci, G. Gu, W. Lee, and N. Feamster. Boosting the scalability of botnet detection using adaptive traffic sampling. In 6th ACM Symposium on Information, Computer and Communcations Security (ASIACCS), Mar. 2011.
50. Y. Zhang and V. Paxson. Detecting stepping stones. In 9th USENIX Security Symposium, Aug. 2000.