Proactive detection of botnets with intended forceful infections from multiple malware collecting channels

Young Hoon Moon, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

As the main role of Internet Service Providers shifts from serving their legitimate xDSL subscribers and enterprise leased-line users to protecting them from outside attacks, botnet detection has become a pressing issue in the telecommunications industry. In this paper we introduce efficient botnet pre-detection methods that use honeynets with intended forceful infections fed by multiple channel sources. We applied our methods at a major Internet Service Provider in Korea, using three channel sources: payloads from spam-cut services, Intrusion Detection Systems, and abuse emails. With the proposed method we detected 40% of real C&C server IPs and URLs before they were publicly confirmed as malicious sites. We could also find the C&C servers before they caused many victims during their propagation periods, which will eventually allow us to shut them down proactively.
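The pipeline the abstract sketches (collect samples from several channels, deliberately infect honeynet hosts with them, harvest the endpoints the infected hosts contact, and measure how often those endpoints are seen before a public blacklist lists them) is illustrated by the following added example. It is not code from the paper or from the ISP deployment described: the detonation records, the allowlist, the blacklist dates, the hostnames and the channel names are all constructed for illustration, and the "lead time" metric is one plausible reading of the abstract's 40% figure, not the authors' definition.

```python
"""Correlate C&C candidates observed from deliberately infected honeynet
hosts across several malware-collection channels, then measure how many were
seen before a public blacklist listed them. All data below is constructed."""
from datetime import date
from urllib.parse import urlparse

# Constructed sandbox observations: one record per sample detonated in the
# honeynet. 'channel' is where the sample came from (assumed channel names
# mirroring the abstract); 'contacts' are the destinations the infected host
# reached out to, as URL or host:port strings.
DETONATIONS = [
    {"sample": "a1", "channel": "spamcut", "seen": date(2011, 3, 2),
     "contacts": ["http://203.0.113.10/gate.php", "203.0.113.10:6667",
                  "update.example-os.test:443"]},
    {"sample": "b2", "channel": "ids", "seen": date(2011, 3, 5),
     "contacts": ["203.0.113.10:6667", "198.51.100.7:80"]},
    {"sample": "c3", "channel": "abuse", "seen": date(2011, 3, 9),
     "contacts": ["http://cnc.example.test/panel/cmd",
                  "update.example-os.test:443"]},
    {"sample": "d4", "channel": "ids", "seen": date(2011, 3, 11),
     "contacts": ["http://cnc.example.test/panel/cmd"]},
    {"sample": "e5", "channel": "spamcut", "seen": date(2011, 3, 20),
     "contacts": ["192.0.2.55:8080"]},
]

# Constructed allowlist: destinations every honeynet host contacts anyway
# (OS updates, time sync, ...), which must not become C&C candidates.
BENIGN_HOSTS = {"update.example-os.test"}

# Constructed public-blacklist timeline: host -> date it was published.
PUBLIC_LISTING = {
    "203.0.113.10": date(2011, 3, 8),
    "cnc.example.test": date(2011, 3, 4),
    "198.51.100.7": date(2011, 3, 30),
    "192.0.2.55": date(2011, 3, 15),
}


def normalize(contact):
    """Reduce a URL or host:port string to a lower-case host (or IP) key."""
    if "://" in contact:
        host = urlparse(contact).hostname
    else:
        host = contact.rsplit(":", 1)[0]
    return host.lower()


def extract_candidates(detonations, benign=BENIGN_HOSTS):
    """Return {host: {"first_seen", "channels", "samples"}} for every
    non-allowlisted destination contacted during any detonation."""
    cands = {}
    for d in detonations:
        for c in d["contacts"]:
            host = normalize(c)
            if host in benign:
                continue
            entry = cands.setdefault(
                host, {"first_seen": d["seen"], "channels": set(), "samples": set()})
            entry["first_seen"] = min(entry["first_seen"], d["seen"])
            entry["channels"].add(d["channel"])
            entry["samples"].add(d["sample"])
    return cands


def corroborated(candidates, min_channels=2):
    """Hosts reached by samples from at least `min_channels` distinct
    channels, ordered by channel count (desc) then first sighting."""
    hits = [h for h, i in candidates.items() if len(i["channels"]) >= min_channels]
    return sorted(hits, key=lambda h: (-len(candidates[h]["channels"]),
                                       candidates[h]["first_seen"]))


def pre_detection_rate(candidates, listing):
    """Fraction of candidates later confirmed by a public list that the
    honeynet saw strictly before the listing date, plus per-host lead time
    in days (negative means the public list was first)."""
    lead = {}
    for host, info in candidates.items():
        if host in listing:
            lead[host] = (listing[host] - info["first_seen"]).days
    early = [h for h, days in lead.items() if days > 0]
    return (len(early) / len(lead) if lead else 0.0), lead


if __name__ == "__main__":
    cands = extract_candidates(DETONATIONS)
    print("multi-channel candidates:", corroborated(cands))
    rate, lead = pre_detection_rate(cands, PUBLIC_LISTING)
    print(f"pre-detection rate: {rate:.0%}", lead)
```

Two design points a practitioner would keep in mind: the allowlist step matters because a deliberately infected host also talks to legitimate infrastructure, so every destination is not a C&C candidate; and corroboration across channels (a destination reached by samples collected from both spam payloads and IDS captures) is a cheap way to rank which candidates deserve analyst time before any public list confirms them.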

Original language: English
Title of host publication: Future Information Technology - 6th International Conference, FutureTech 2011, Proceedings
Pages: 29-36
Number of pages: 8
Edition: PART 1
DOIs
Publication status: Published - 2011
Event: 6th International Conference on Future Information Technology, FutureTech 2011 - Loutraki, Greece
Duration: 2011 Jun 28 to 2011 Jun 30

Publication series

Name: Communications in Computer and Information Science
Number: PART 1
Volume: 184 CCIS
ISSN (Print): 1865-0929

Other

Other: 6th International Conference on Future Information Technology, FutureTech 2011
Country/Territory: Greece
City: Loutraki
Period: 2011-06-28 to 2011-06-30

Keywords

  • Botnet Detection
  • C&C Servers
  • Distributed Denial of Service
  • Honeynets
  • Intended forceful infection

ASJC Scopus subject areas

  • General Computer Science
  • General Mathematics
