Jiang Wei
College of Computer Science, Beijing University of Technology, Beijing, 100124, People's Republic of China
Tian Zhihong
School of Computer Science and Technology, Harbin Institute of Technology, Haerbin, 150001, People's Republic of China
ABSTRACT
In this study, a systematic approach to capturing and analysing botnets is presented. Our framework is a scalable and robust infrastructure consisting of four modules. The first step of the framework is a honeynet-based capture system that automatically and dynamically collects and analyses malware traffic from the Internet without human supervision. Building on it, a multidimensional analysis system is designed to analyse the binaries captured by the capture system. We also report our preliminary results and the lessons learned from this work.
How to cite this article
Jiang Wei and Tian Zhihong, 2013. A Systematic Approach to Capturing and Analysing Botnets. Information Technology Journal, 12: 7152-7159.
DOI: 10.3923/itj.2013.7152.7159
URL: https://scialert.net/abstract/?doi=itj.2013.7152.7159