Creation of the importance scanning worm using information collected by Botnets
Authors
Corresponding authors: Y.-H. Choi, S.-W. Seo
Abstract
An importance scanning worm exploits a non-uniform distribution of vulnerable hosts on the Internet. To realize an importance scanning worm, the attacker needs to obtain or estimate the distribution of vulnerable hosts. Zesheng Chen and Chuanyi Ji claimed that a worm can infer the distribution of vulnerable hosts on the Internet by either using public information (e.g., the empirical distribution of web servers) or using the distribution of worm-infected hosts during worm propagation. However, the first method may often fail and the second method may not be as fast as expected. In this paper, we answer the question, "How do we determine which part of the Internet is more vulnerable, while maintaining a simple worm propagation mechanism?". To learn the distribution of vulnerable hosts on the Internet, the proposed estimation method applies statistical sampling and estimation theory while using a Botnet, which is a distributed network of Bots. From analytical models and their validation results, we show that the proposed estimation method can obtain sufficiently accurate estimates; in many cases, the good-enough sampling ratio is as small as 0.6%. It is also shown that the estimated distribution is unbiased toward the actual distribution of vulnerable hosts on the Internet. Thus, we believe that the estimated distribution table of vulnerable hosts on the Internet will help the worm identify target systems more effectively.
doi:10.1016/j.comcom.2009.11.012. © 2009 Elsevier B.V. All rights reserved.
Similar resources
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several kinds of attacks; distributed denial of service (DDoS) attacks on networks are one example. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
Detecting BOT Victim in Client Networks
In this paper we discuss my research in detecting bot victim in client networks. Botnets are collections of Internet hosts ("bots") that, through malware infection, have fallen under the control of a single entity ("botmaster"). Botnets perform network scanning for different reasons: propagation, enumeration, penetration. One common type of scanning, called "horizontal scanning," systematically...
BotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
Molecular Identification of Six Honeybee Viruses in Iranian Apiaries
The identification of honeybee viruses is of serious importance, particularly considering the lack of information on the natural incidence of viral infections in honeybee populations worldwide. Moreover, the global spread of Varroa destructor in honeybee colonies has a significant effect on the viral infection. In the present study, 160 samples of adult bee from apparently healthy colonies but ...
Optimal worm-scanning method using vulnerable-host distributions
Most Internet worms use random scanning. The distribution of vulnerable hosts on the Internet, however, is highly non-uniform over the IP-address space. This implies that random scanning wastes many scans on invulnerable addresses, and more virulent scanning schemes may take advantage of the non-uniformity of a vulnerable-host distribution. Questions then arise as to how attackers may exploit su...
Journal title: Computer Communications
Volume 33, Issue
Pages -
Publication date: 2010