Detection of botnets before activation: an enhanced honeypot system for intentional infection and behavioral observation of malware

Moon, Young Hoon; Kim, Eun Jin; Hur, Suh Mahn; Kim, Huy Kang

doi:10.1002/sec.431

Cited by 6 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Examples of implementations of the honeypot technique towards countering botnets can be found in sources such as Al-Hakbani and Dahshan (2015) [91], Daniel and Hongmei (2013) [92] and Moon et al [93]. As adapted based on insights received from Barfar et al [94], Figure 5 illustrates a basic (naïve) deployment of honeypots.…”

Section: Analysis-basedmentioning

confidence: 99%

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

et al. 2019

View full text Add to dashboard Cite

Botnets have carved a niche in contemporary networking and cybersecurity due to the impact of their operations. The botnet threat continues to evolve and adapt to countermeasures as the security landscape continues to shift. As research efforts attempt to seek a deeper and robust understanding of the nature of the threat for more effective solutions, it becomes necessary to again traverse the threat landscape, and consolidate what is known so far about botnets, that future research directions could be more easily visualised. This research uses the general exploratory approach of the qualitative methodology to survey the current botnet threat landscape: Covering the typology of botnets and their owners, the structure and lifecycle of botnets, botnet attack modes and control architectures, existing countermeasure solutions and limitations, as well as the prospects of a botnet threat. The product is a consolidation of knowledge pertaining the nature of the botnet threat; which also informs future research directions into aspects of the threat landscape where work still needs to be done.

show abstract

Section: Analysis-basedmentioning

confidence: 99%

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

et al. 2019

View full text Add to dashboard Cite

show abstract

“…On the other hand, the types of application-based defense mechanisms are much more numerous: client-puzzle [37], IRC-based [23], anomaly-based [10] [27], DNS tracking [25], and attack traffic suppression [24]. In addition to these traditional defense methods, advanced defense methods, such as reverse engineering [20] and honeypot [29] [31], also exist. We divide our literature review below into three parts.…”

Section: Related Workmentioning

confidence: 99%

“…A honeypot-based proactive defense is more effective and efficient for blocking DDoS attacks [29]. Moon et al introduced the hybrid honeypot system, which enables the ISP to find the C&C structured botnet before it initiates an attack.…”

Section: Reverse Engineering and Honeypotsmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Defense Technique for ISP Against the Distributed Denial of Service Attacks

Moon

Choi

Kim

et al. 2014

Appl. Math. Inf. Sci.

Self Cite

View full text Add to dashboard Cite

Abstract:As malicious traffic from botnets now threatens the network infrastructure of Internet Service Providers (ISPs), the importance of controlling botnets is greater than ever before. However, it is not easy to handle rapidly evolving botnets efficiently because of the highly evolved detection avoidance techniques used by botnet makers. Further, nowadays, Distributed Denial of Service (DDoS) attacks can compromise not only specific target sites but also the entire network infrastructure, as high-bandwidth Internet services are now being provided. Thus, ISPs are deploying their own defense systems to prevent DDoS attacks and protect their network infrastructure. However, the new problem ISPs confront is that botnet masters also try to destroy their defense systems to make their attack successful. ISPs can mitigate DDoS through botnet-specific management by taking preemptive measures, such as the proactive reverse engineering of suspicious code and the use of honeypots. This paper illustrates an advanced DDoS defense technique for the use of ISPs with a real case study of the technique's implementation. This technique was proven very effective method for controlling botnets, and we could confirm this effectiveness in a real ISP environment.

show abstract

“…Botnets are detected using different characteristics of the network traffic, for example, using networks statistics , communication protocols , suspicious traffic behavior , graphical representations of behaviors , actions in honeypots , behavioral features , collaborative feedback in large networks and malicious actions . However, botnets evolve and thus make obsolete most detection methods.…”

Section: Introductionmentioning

confidence: 99%

Survey on network‐based botnet detection methods

García

Zunino

Campo

2013

Security Comm Networks

View full text Add to dashboard Cite

Botnets are an important security problem on the Internet. They continuously evolve their structure, protocols and attacks. This survey analyzes and compares the most important efforts carried out in a network‐based detection area. It accomplishes four tasks: first, the comparison of previous surveys and the proposal of four new dimensions to analyze their classification schemes; second, a new classification and comparison of network‐based botnet detection proposals, which includes the definition of 20 desired properties of every botnet detection paper; third, an extensive comparison between the most representative detection proposals; and fourth, the description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

Detection of botnets before activation: an enhanced honeypot system for intentional infection and behavioral observation of malware

Cited by 6 publications

References 12 publications

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

A Hybrid Defense Technique for ISP Against the Distributed Denial of Service Attacks

Survey on network‐based botnet detection methods

Contact Info

Product

Resources

About