Characterization and modeling of top spam botnets

Bibliographic details
Main author: Rodrigues, Nuno G.
Publication date: 2012
Other authors: Sousa, Rui Filipe Rodrigues; Salvador, Paulo; Nogueira, António Manuel
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10198/7829
Abstract: The increasing impact of the Internet in the global economy has transformed Botnets into one of the most relevant security threats for citizens, organizations and governments. Despite the significant efforts that have been made over the last years to understand this phenomenon and develop detection techniques and countermeasures, this continues to be a field with big challenges to address. Several approaches can be taken to study Botnets: analyze its source code, which can be a hard task because it is usually unavailable; study the control mechanism, particularly the activity of its Command and Control server(s); study its behavior, by measuring real traffic and collecting relevant statistics. In this work, we have installed some of the most popular spam Botnets, captured the originated traffic and characterized it in order to identify the main trends/patterns of their activity. From the intensive statistics that were collected, it was possible to conclude that there are distinct features between Botnets that can be explored to build efficient detection methodologies. Based on this study, the second part of the paper proposes a generic and systematic model to describe the network dynamics whenever a Botnet threat is detected, defining all actors, dimensions, states and actions that need to be taken into account at each moment. We believe that this type of modeling approach is the basis for developing systematic and integrated frameworks and strategies to predict and fight Botnet threats in an efficient way.
OAI identifier: oai:bibliotecadigital.ipb.pt:10198/7829
This research was supported by Fundação para a Ciência e a Tecnologia, under research project PTDC/EEA-TEL/101880/2008.
Keywords: Spam botnet; Statistical characterization; Network security; Malware; Network resilience model
Dates: 2012; 2012-01-01T00:00:00Z; 2013-01-07T09:59:48Z
Status: publishedVersion
Citation: Rodrigues, Nuno; Sousa, Rui; Salvador, Paulo; Nogueira, António (2012). Characterization and modeling of top spam botnets. Network Protocols and Algorithms. ISSN 1943-3581. 4:4, p. 1-26
Rights: openAccess
Format: application/pdf
Publisher: Macrothink Institute
Institution: Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação (RCAAP)