TY - GEN
T1 - Proactive detection of botnets with intended forceful infections from multiple malware collecting channels
AU - Moon, Young Hoon
AU - Kim, Huy Kang
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2011
Y1 - 2011
N2 - As the primary role of Internet Service Providers shifts from serving their legitimate x-DSL subscribers and enterprise leased-line users to protecting them from outside attacks, botnet detection has become a hot issue in the telecommunications industry. In this paper, we introduce efficient botnet pre-detection methods that use Honeynets with intended forceful infections fed from multiple different channel sources. We applied our methods at a major Internet Service Provider in Korea, using multiple channel sources: payloads from Spam Cut services, Intrusion Detection Systems, and abuse emails. With our proposed method, we can detect 40% of real C&C server IPs and URLs before they are publicly confirmed as malicious sites. We could also find the C&C servers before they caused many victims during their propagation periods, so that eventually we will be able to shut them down proactively.
AB - As the primary role of Internet Service Providers shifts from serving their legitimate x-DSL subscribers and enterprise leased-line users to protecting them from outside attacks, botnet detection has become a hot issue in the telecommunications industry. In this paper, we introduce efficient botnet pre-detection methods that use Honeynets with intended forceful infections fed from multiple different channel sources. We applied our methods at a major Internet Service Provider in Korea, using multiple channel sources: payloads from Spam Cut services, Intrusion Detection Systems, and abuse emails. With our proposed method, we can detect 40% of real C&C server IPs and URLs before they are publicly confirmed as malicious sites. We could also find the C&C servers before they caused many victims during their propagation periods, so that eventually we will be able to shut them down proactively.
KW - Botnet Detection
KW - C&C Servers
KW - Distributed Denial of Service
KW - Honeynets
KW - Intended forceful infection
UR - http://www.scopus.com/inward/record.url?scp=79960122990&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79960122990&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-22333-4_4
DO - 10.1007/978-3-642-22333-4_4
M3 - Conference contribution
AN - SCOPUS:79960122990
SN - 9783642223327
T3 - Communications in Computer and Information Science
SP - 29
EP - 36
BT - Future Information Technology - 6th International Conference, FutureTech 2011, Proceedings
T2 - 6th International Conference on Future Information Technology, FutureTech 2011
Y2 - 28 June 2011 through 30 June 2011
ER -