Characterizing Bots' Remote Control Behavior
Authors
Abstract
A botnet is a collection of bots, each generally running on a compromised system and responding to commands over a “command-and-control” overlay network. We investigate observable differences in the behavior of bots and benign programs, focusing on the way that bots respond to data received over the network. Our experimental platform monitors execution of an arbitrary Win32 binary, considering data received over the network to be tainted, applying library-call-level taint propagation, and checking for tainted arguments to selected system calls. As a way of further distinguishing locally-initiated from remotely-initiated actions, we capture and propagate “cleanliness” of local user input (as received via the keyboard or mouse). Testing indicates behavioral separation of major bot families (agobot, DSNXbot, evilbot, G-SySbot, sdbot, Spybot) from benign programs with a low error rate.
Similar references
Characterizing the Remote Control Behavior of Bots
A botnet is a collection of bots, each generally running on a compromised system and responding to commands over a "command-and-control" overlay network. We investigate observable differences in the behavior of bots and benign programs, focusing on the way that bots respond to data received over the network. Our experimental platform monitors program behavior, considering data received over the ...
Characterizing Botnets from Email Spam Records
We develop new techniques to map botnet membership using traces of spam email. To group bots into botnets we look for multiple bots participating in the same spam email campaign. We have applied our technique against a trace of spam email from Hotmail Web mail services. In this trace, we have successfully identified hundreds of botnets. We present new findings about botnet sizes and behavior wh...
Swarm Intelligence and Swarm Robotics - The Swarm-Bot Experiment
Swarm intelligence is the discipline that deals with natural and artificial systems composed of many individuals that coordinate using decentralized control and self-organization. In particular, it focuses on the collective behaviors that result from the local interactions of the individuals with each other and with their environment. The characterizing property of a swarm intelligence system i...
Botnet Traffic Detection Techniques by C&C Session Classification Using SVM
Bots, which are new malignant programs, are hard to detect by signature-based pattern-matching techniques. In this research, we focused on a unique function of the bots: the remote control channel (C&C session). We clarified that the C&C session has unique characteristics that come from the behavior of bot programs. Accordingly, we propose an alternative technique to identify computers compromise...
Botnet Detection by Monitoring Similar Communication Patterns
Botnets are the most widespread and commonly occurring element of today's cyber attacks, resulting in serious threats to our network assets and organizations' properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by their originator (BotMaster) under a common Command-and-Control (C&C) infrastructure. They are used to distribute commands to the Bots for malicious activiti...