Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement 2006
DOI: 10.1145/1177080.1177086
|View full text |Cite
|
Sign up to set email alerts
|

A multifaceted approach to understanding the botnet phenomenon

Abstract: The academic community has long acknowledged the existence of malicious botnets, however to date, very little is known about the behavior of these distributed computing platforms. To the best of our knowledge, botnet behavior has never been methodically studied, botnet prevalence on the Internet is mostly a mystery, and the botnet life cycle has yet to be modeled. Uncertainty abounds. In this paper, we attempt to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infra… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

2
270
0
9

Year Published

2010
2010
2020
2020

Publication Types

Select...
7
1

Relationship

0
8

Authors

Journals

citations
Cited by 399 publications
(281 citation statements)
references
References 10 publications
2
270
0
9
Order By: Relevance
“…Also, we have seen how such campaigns often lead to the automated deployment of large numbers of domains pointing to a few servers and following well-defined patterns in their naming schema. For all these reasons, as already noted in [20] for other type of threats, DNS seems to be a promising point of view for the detection of such anomalies.…”
Section: Lessons Learned and Countermeasuresmentioning
confidence: 72%
See 2 more Smart Citations
“…Also, we have seen how such campaigns often lead to the automated deployment of large numbers of domains pointing to a few servers and following well-defined patterns in their naming schema. For all these reasons, as already noted in [20] for other type of threats, DNS seems to be a promising point of view for the detection of such anomalies.…”
Section: Lessons Learned and Countermeasuresmentioning
confidence: 72%
“…For example, in the context of spam botnets, researchers have used spam messages [31] and DNS queries [20,22] as proxy indicators of infected machines. Active approaches are also possible.…”
Section: Rogue Av Monetizationmentioning
confidence: 99%
See 1 more Smart Citation
“…In the arena of attacks exploiting network nodes, botnets [4] represent an important resource for cybercrime organizations. In particular, a botnet is a network of infected hosts (known as bots, agents, or zombies) under the control of a bot-master that can send specific attack commands to the bots in order to carry out distributed and coordinated operations [5], typically (but not only) aimed at launching cyber-attacks.…”
Section: Introductionmentioning
confidence: 99%
“…Highly organized and coordinated attacks by botnets are able to make malicious activities such as distributed denial of service (DDoS), e-mail spam, and click fraud [2]. A set of infected and compromised computers (bots) connected to the Internet is controlled remotely by an unauthorized user (botmaster) and, if employed for nefarious purposes, is called a botnet [3]- [5]. To scale up the botnet, bots infect additional computers by sending malware, using various strategies such as self-replicating worms, email viruses, or password guessing.…”
Section: Introductionmentioning
confidence: 99%