Characterizing Bots’ Remote Control Behavior

Stinson, Elizabeth; Mitchell, John C.

doi:10.1007/978-3-540-73614-1_6

Cited by 93 publications

(45 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Moreover, the information collected from bots is used to discover the C&C system, unknown susceptibilities, techniques and tools used by the attacker, and the motivation of the attacker. A honeynet is used to collect bot-binaries which penetrate the botnets (Freiling et al, 2005;Abu Rajab et al, 2006;Stinson and Mitchell, 2007). There are different techniques to capture bots in honeynets (McCarty, 2003;Freiling et al, 2005;Abu Rajab et al, 2006;Dagon et al, 2006;Barford and Yegneswaran, 2007;Oberheide et al, 2007;Cremonini and Riccardi, 2009;Jing et al, 2009;Szymczyk, 2009;Rieck et al, 2010;Pham and Dacier, 2011).…”

Section: Taxonomy Of the Botnet Detection Phenomenonmentioning

confidence: 97%

“…Botnet detection techniques are classified into two broad categories (Liu et al, 2008), IDSs and honeynets (Provos, 2004;Stinson and Mitchell, 2007). IDSs are further divided into anomaly-, signature-, and DNS-based IDSs (Stalmans and Irwin, 2011).…”

Section: Taxonomy Of the Botnet Detection Phenomenonmentioning

confidence: 99%

“…Anomaly-based approaches are further divided into host-and network-based approaches. In host-based approaches (Stinson and Mitchell, 2007), individual machines are monitored to find suspicious actions. Monitoring is performed in terms of processing overhead, accessing kernel level routines, and changing system calls.…”

Section: Taxonomy Of the Botnet Detection Phenomenonmentioning

confidence: 99%

“…The behavior of bots is investigated by scanning the processes relevant to specific applications installed on the host machine (Stinson and Mitchell, 2007). Each bot independently initializes commands received from the C&C system, whereas each command includes certain parameters, specific types, and predetermined execution orders.…”

Section: Host-based Botnet Detection Techniquesmentioning

confidence: 99%

See 3 more Smart Citations

Botnet detection techniques: review, future trends, and issues

Karim

Salleh

Shiraz

et al. 2014

J. Zhejiang Univ. - Sci. C

109

View full text Add to dashboard Cite

In recent years, the Internet has enabled access to widespread remote services in the distributed computing environment; however, integrity of data transmission in the distributed computing platform is hindered by a number of security issues. For instance, the botnet phenomenon is a prominent threat to Internet security, including the threat of malicious codes. The botnet phenomenon supports a wide range of criminal activities, including distributed denial of service (DDoS) attacks, click fraud, phishing, malware distribution, spam emails, and building machines for illegitimate exchange of information/materials. Therefore, it is imperative to design and develop a robust mechanism for improving the botnet detection, analysis, and removal process. Currently, botnet detection techniques have been reviewed in different ways; however, such studies are limited in scope and lack discussions on the latest botnet detection techniques. This paper presents a comprehensive review of the latest state-of-the-art techniques for botnet detection and figures out the trends of previous and current research. It provides a thematic taxonomy for the classification of botnet detection techniques and highlights the implications and critical aspects by qualitatively analyzing such techniques. Related to our comprehensive review, we highlight future directions for improving the schemes that broadly span the entire botnet detection research field and identify the persistent and prominent research challenges that remain open.

show abstract

Section: Taxonomy Of the Botnet Detection Phenomenonmentioning

confidence: 97%

Section: Taxonomy Of the Botnet Detection Phenomenonmentioning

confidence: 99%

Section: Taxonomy Of the Botnet Detection Phenomenonmentioning

confidence: 99%

Section: Host-based Botnet Detection Techniquesmentioning

confidence: 99%

See 2 more Smart Citations

Botnet detection techniques: review, future trends, and issues

Karim

Salleh

Shiraz

et al. 2014

J. Zhejiang Univ. - Sci. C

109

View full text Add to dashboard Cite

show abstract

“…One of recent malware is bot, which is a computer program which allows its master to remotely control the infected machine/parts [19]. Such malware usually exploits software vulnerabilities or employ social engineering to spread themselves.…”

Section: Botmentioning

confidence: 99%

An Open Source, Extensible Malware Analysis Platform

Michalopoulos¹,

Ieronymakis²,

Khan³

et al. 2018

MATEC Web Conf.

View full text Add to dashboard Cite

Abstract.A malware (such as viruses, ransomware) is the main source of bringing serious security threats to the IT systems and their users now-adays. In order to protect the systems and their legitimate users from these threats, anti-malware applications are developed as a defense against malware. However, most of these applications detect malware based on signatures or heuristics that are still created manually and are error prune. Some recent applications employ data mining and machine learning techniques to detect malware automatically. However, such applications fail to classify them appropriately mainly because they suffer from high rate of false alarms on the one hand and being retrospective, fail to detect new unknown threats and variants of known malware on the other hand. Since anti-malware vendors receive a huge number of malware samples every day, there is an urgent need for malware analysis tools that can automatically detect malware rigorously, i.e. eliminating false alarms. To address these issues and challenges of current malware detection and analysis approaches, we propose a novel, open source and extensible platform (based on set of tools) that allows to combine various malware detection techniques to automatically detect/classify a malware more rigorously. The developed platform can be fed with malware samples from different providers and will enable the development of effective classification schemes and methods, which are not sufficiently effective without collaboration and the related sample aggregation. Furthermore, such collaborative platforms in cybersecurity enable efficient sharing of information (e.g., about new identified threats) to all collaborators and sharing of appropriate defences against them, if such defences exist.

show abstract

Botnets Unveiled: A Comprehensive Survey on Evolving Threats and Defense Strategies

Asadi,

Jamali,

Heidari

et al. 2024

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Botnets have emerged as a significant internet security threat, comprising networks of compromised computers under the control of command and control (C&C) servers. These malevolent entities enable a range of malicious activities, from denial of service (DoS) attacks to spam distribution and phishing. Each bot operates as a malicious binary code on vulnerable hosts, granting remote control to attackers who can harness the combined processing power of these compromised hosts for synchronized, highly destructive attacks while maintaining anonymity. This survey explores botnets and their evolution, covering aspects such as their life cycles, C&C models, botnet communication protocols, detection methods, the unique environments botnets operate in, and strategies to evade detection tools. It analyzes research challenges and future directions related to botnets, with a particular focus on evasion and detection techniques, including methods like encryption and the use of covert channels for detection and the reinforcement of botnets. By reviewing existing research, the survey provides a comprehensive overview of botnets, from their origins to their evolving tactics, and evaluates how botnets evade detection and how to counteract their activities. Its primary goal is to inform the research community about the changing landscape of botnets and the challenges in combating these threats, offering guidance on addressing security concerns effectively through the highlighting of evasion and detection methods. The survey concludes by presenting future research directions, including using encryption and covert channels for detection and strategies to strengthen botnets. This aims to guide researchers in developing more robust security measures to combat botnets effectively.

show abstract

Characterizing Bots’ Remote Control Behavior

Cited by 93 publications

References 11 publications

Botnet detection techniques: review, future trends, and issues

Botnet detection techniques: review, future trends, and issues

An Open Source, Extensible Malware Analysis Platform

Botnets Unveiled: A Comprehensive Survey on Evolving Threats and Defense Strategies

Contact Info

Product

Resources

About