Honeypot detection in advanced botnet attacks
نویسندگان
چکیده
Botnets have become one of the major attacks in current Internet due to their illicit profitable financial gain. Meanwhile, honeypots have been successfully deployed in many computer security defense systems. Since honeypots set up by security defenders can attract botnet compromises and become spies in exposing botnet membership and botnet attacker behaviors, they are widely used by security defenders in botnet defense. Therefore, attackers constructing and maintaining botnets will be forced to find ways to avoid honeypot traps. In this paper, we present a hardware and software independent honeypot detection methodology based on the following assumption: security professionals deploying honeypots have liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this constraint. Attackers could detect honeypots in their botnets by checking whether compromised machines in a botnet can successfully send out unmodified malicious traffic. Based on this basic detection principle, we present honeypot detection techniques to be used in both centralized botnets and peer-to-peer structured botnets. Experiments show that current standard honeypot and honeynet programs are vulnerable to the proposed honeypot detection techniques. In the end, we discuss some guidelines for defending against general honeypot-aware attacks.
منابع مشابه
Exploring A Root-Cause Methodology to Prevent Emerging Internet Threat
A “botnet” consists of a network of compromised computers controlled by an attacker often called botmaster. Recently, botnets have become the root cause of many Internet attacks. To be well-prepared for future attacks, it is not only study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be develope...
متن کاملThe Next Generation Botnet Attacks And Defenses
A “botnet” is a network of compromised computers (bots) that are controlled by an attacker (botmasters). Botnets are one of the most serious threats to today’s Internet; they are the root cause of many current Internet attacks, such as email spam, distributed denial of service (DDoS) attacks , click fraud, etc. There have been many researches on how to detect, monitor, and defend against botnet...
متن کاملThe Zombie Roundup: Understanding, Detecting, and Disrupting Botnets
Global Internet threats are undergoing a profound transformation from attacks designed solely to disable infrastructure to those that also target people and organizations. Behind these new attacks is a large pool of compromised hosts sitting in homes, schools, businesses, and governments around the world. These systems are infected with a bot that communicates with a bot controller and other bo...
متن کاملNepenthes Honeypots based Botnet Detection
Thenumbers of the botnet attacks areincreasing day by day and the detection of botnet spreading in the network has become very challenging. Bots are having specific characteristics incomparison of normal malware as they are controlled by the remote master server and usually don’t show their behavior like normal malware until they don’t receive any command from their master server. Most of time ...
متن کاملA Hybrid Defense Technique for ISP Against the Distributed Denial of Service Attacks
As malicious traffic from botnets now threatens the network infrastructure of Internet Service Providers (ISPs), the importance of controlling botnets is greater than ever before. However, it is not easy to handle rapidly evolving botnets efficiently because of the highly evolved detection avoidance techniques used by botnet makers. Further, nowadays, Distributed Denial of Service (DDoS) attack...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IJICS
دوره 4 شماره
صفحات -
تاریخ انتشار 2010