2011
DOI: 10.1007/s10257-011-0171-7

Behavioral analysis of botnets for threat intelligence

Cited by 17 publications (10 citation statements)
References 10 publications
“…Once a network has been selected as a target, it is assessed for vulnerability and the mission becomes oriented toward gaining access (Caglayan et al 2012; Brewer 2014). Vulnerability assessment may require less intensive efforts or more intensive efforts, depending on what is already known about the target.…”
Section: Assessing System Vulnerability (mentioning)
confidence: 99%
“…The sustainment of S-APT operations is to some extent dependent on the maintenance of infrastructure external to the target network. Prior to launching an attack, "command and control" servers - which will be used during the attack to focus efforts, channel traffic and operate malware - must be established and available (Tankard 2011 and Caglayan et al 2012). Command and control servers are typically computers that were compromised during previous missions (Bradbury 2010; Raiu 2012).…”
Section: Assuring Sustainability (mentioning)
confidence: 99%
“…One way by which this is achieved is by comparing certain characteristics of network traffic with a database of attributes (signatures) that have already been associated with specific botnet behaviours, such as those proposed by Zand et al [73], Bilge et al [74] and Bhatia et al [75]. Furthermore, as seen in the literature, another technique seeks to analyse network traffic for traffic/packets that exhibit behaviours that deviate from the normal, observable network behaviour (an anomaly), such as those proposed by Wang et al [76], Boukhtouta et al [77], Zhao et al [78] and Caglayan et al [79]. Anomalous behaviours could also be analysed in relation to hypertext transfer protocol (HTTP) traffic, such as noted by Jia et al [80], Mathew et al [81], Choi et al [82] and Eslahi et al [83]; domain name service (DNS) query patterns and properties, such as by Seo et al [84] and Futai et al [85]; and transmission control protocol (TCP) requests, such as that looked into by Abdullah et al [86].…”
Section: Analysis-based (mentioning)
confidence: 99%
“…Cybercriminals rent these fast flux proxy networks to create a profitable black market hosting environment. The authors of [8,44] have analyzed the structural relationships (domain, nameserver, IP connectivity) of fast-flux botnets and identified recurrent structural clusters across different botnet types. In [8], the authors have used a social network connectivity metric to show that {Command and Control and phishing} and {malware and spam botnets} have similar structural scores using the proposed metric.…”
Section: Related Work (mentioning)
confidence: 99%
“…The authors of [8,44] have analyzed the structural relationships (domain, nameserver, IP connectivity) of fast-flux botnets and identified recurrent structural clusters across different botnet types. In [8], the authors have used a social network connectivity metric to show that {Command and Control and phishing} and {malware and spam botnets} have similar structural scores using the proposed metric. In this paper, we have defined metrics to capture not only the attacker behavior but also the hosting provider effort toward mitigating the malicious infrastructure located in their networks.…”
Section: Related Work (mentioning)
confidence: 99%