BCE: Extracting Botnet Commands from Bot Executables
Authors
Abstract
Botnets are a major threat to the security of computer systems and the Internet. An increasing number of individual Internet sites have been compromised by attacks from all across the world to become part of various kinds of malicious botnets. The Internet security research community has made significant efforts to identify botnets, to collect data on their activities, and to develop techniques for detection, mitigation, and disruption. One way of analyzing the behavior of bots is to run the bot executables and observe their actions. For this to be possible, one needs proper input commands that trigger malicious behaviors. However, it is difficult and time-consuming to manually infer botnet commands from binaries. In this paper, we present a tool called BCE for automatically extracting botnet-command information from bot executables. Our experiments showed that the new search strategies developed for BCE yielded substantially higher coverage of the parts of the program relevant to identifying bot commands, as well as lower run-time.
Keywords: botnet analysis; bot-command analysis; directed test generation; control dependence
Similar sources
A Scalable Architecture for Persistent Botnet Tracking
The botnet phenomenon has recently garnered attention throughout both academia and industry. Unfortunately, botnets are still a mystery. In fact, today, very little is known about even the most basic botnet properties, such as size, growth, or demographics. The primary reason for this lack of knowledge is the fact that the existing approaches for measuring such properties are simply inadequate;...
An Analysis of the iKee.B iPhone Botnet
We present an analysis of the iKee.B (duh) Apple iPhone bot client, captured on November 25, 2009. The bot client was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server. This report details the logic and function of iKee’s scripts, its configuration files, and its two binary executables, which we have rev...
Analysis and Detection of Botnets and Encrypted Tunnels
A botnet is a collection of compromised systems. A botnet has a bot-master which identifies the vulnerable systems and compromises them by injecting a malware code and remotely controls all these compromised systems using Command-and-Control Infrastructure. These compromised systems are bots. Thus, a botnet is a network of bots. These bots receive commands from bot-master to perform various mali...
Automatically Generating Models for Botnet Detection
A botnet is a network of compromised hosts that is under the control of a single, malicious entity, often called the botmaster. We present a system that aims to detect bot-infected machines, independent of any prior information about the command and control channels or propagation vectors, and without requiring multiple infections for correlation. Our system relies on detection models that targ...
Poster: Exploiting UPnP Protocol for Botnet Propagation and Control
With the development of the Internet of Things (IoT), various devices connect to the Internet, which also brings new security risks. To date, most research workers in the IoT security field focus on analyzing the weakness of devices from communication, configuration, backdoor and system vulnerability. However, with the increase of devices and protocol types, large-scale controlling is becoming mo...