Benchmarking IP blacklists for financial botnet detection

Abstract: Every day, hundreds or even thousands of computers are infected with financial malware (i.e. Zeus) that forces them to become zombies or drones, capable of joining massive financial botnets that can be hired by well-organized cybercriminals in order to steal online banking customers' credentials. Despite the fact that detection and mitigation mechanisms for spam and DDoS-related botnets have been widely researched and developed, it is true that the passive nature (i.e. low network traffic, fewer connections) o… Show more

“…In previous research [9] we proved that it might be possible to discover IP addresses related to a financial botnet, by combining the information coming from well-known IP blacklists providers. In order to do so, we developed a set of metrics (i.e.…”

“…ISPs, law enforcement agencies and financial institutions) through a community-oriented online service. 2) A low-latency reputation system [9] based on IP blacklisting. This system is able to provide a scoring mechanism for determining the trustworthiness of a given IP address based on the quality of different blacklists containing that IP address.…”

“…The reputation system proposed in [9] needs to be further extended in order to meet some minimum trust and security guarantees. If it is meant to be used outside financial institution boundaries (i.e.…”

“…It is important to invest more research in order to improve the IP reputation system detection rate. As mentioned in [9], future work should take into account better reputation algorithms along with the effect of dynamic IP addresses -DHCP-.…”

A framework for financial botnet analysis

“…In previous research [9] we proved that it might be possible to discover IP addresses related to a financial botnet, by combining the information coming from well-known IP blacklists providers. In order to do so, we developed a set of metrics (i.e.…”

“…ISPs, law enforcement agencies and financial institutions) through a community-oriented online service. 2) A low-latency reputation system [9] based on IP blacklisting. This system is able to provide a scoring mechanism for determining the trustworthiness of a given IP address based on the quality of different blacklists containing that IP address.…”

“…The reputation system proposed in [9] needs to be further extended in order to meet some minimum trust and security guarantees. If it is meant to be used outside financial institution boundaries (i.e.…”

“…It is important to invest more research in order to improve the IP reputation system detection rate. As mentioned in [9], future work should take into account better reputation algorithms along with the effect of dynamic IP addresses -DHCP-.…”

A framework for financial botnet analysis

Taming the Digital Bandits: An Analysis of Digital Bank Heists and a System for Detecting Fake Messages in Electronic Funds Transfer

A survey of botnet detection based on DNS