Behavioral Analysis of Zombie Armies
Abstract
Zombie armies or botnets, i.e., large groups of compromised machines controlled remotely by the same entity, pose today a significant threat to national security. Recent cyber-conflicts have indeed demonstrated that botnets can be easily turned into digital weapons, which can be used by cybercriminals to attack the network resources of a country by performing simple Distributed Denial-of-Service (DDoS) attacks against critical web services. A deep understanding of the long-term behavior of botnet armies, and their strategic evolution, is thus a vital requirement to combat effectively those latent threats. In this paper, we show how to enable such a long-term, strategic analysis, and how to study the dynamic behaviors and the global characteristics of these complex, large-scale phenomena by applying different techniques from the area of knowledge discovery on attack traces collected on the Internet. We illustrate our method with some experimental results obtained from a set of worldwide distributed server honeypots, which have monitored attack activity in 18 different IP subnets for more than 640 days. Our preliminary results highlight several interesting findings, such as i) the strong resilience of zombie armies on the Internet, with survival times going up to several months; ii) the high degree of coordination among zombies; iii) the highly uneven spatial distribution of bots in a limited number of “unclean networks”, and iv) the large proportion of home users’ machines with high-speed Internet connexions among the bot population.
Similar resources
ZLOC: Detection of Zombie Users in Online Social Networks Using Location Information
Online social networks serve as a promising platform for social eliteness and financial gain. With such a promise or dream, zombie accounts, behind which stand no real users, become prevalent. The detection of such accounts has been games of cat and mouse, with more and more sophisticated methods used by zombie account managers. In this work, we propose a new zombie account detection technique ...
A Rule-based Model of a Hypothetical Zombie Outbreak: Insights on the role of emotional factors during behavioral adaptation of an artificial population
Models of infectious diseases have been developed since the first half of the twentieth century. There are different approaches to model an infectious outbreak, especially in terms of how individuals and their interactions are defined and treated. Most models haven’t considered the role that emotional factors of the individual may play on the population’s behavioral adaptation during the spread...
Botnet Tracking Tools
Botnets are a serious threat to internet security. Botnets consist of networked collections of compromised machines called robots or ‘bots’ for short. Bots are also called ‘zombies,’ and botnets are also called ‘zombie armies.’ Bots are controlled by nodes called ‘botmasters’ or ‘botherders.’ Bots are infected with malicious code that performs work on behalf of the botmaster or botherder. Botne...