Published in: Information Systems and e-Business Management 4/2012

01.12.2012 | Original Article

Behavioral analysis of botnets for threat intelligence

Authors: Alper Caglayan, Mike Toothaker, Dan Drapeau, Dustin Burke, Gerry Eaton


Abstract

This paper examines the behavioral patterns of fast-flux botnets for threat intelligence. The analysis is enabled by the threat intelligence infrastructure we developed specifically for fast-flux botnet detection and monitoring. Cyber criminals and attackers use botnets to conduct a wide range of operations, including spam campaigns, phishing scams, malware delivery, denial of service attacks, and click fraud. The most advanced botnet operators use fast-flux infrastructure and DNS record manipulation techniques to make their networks more stealthy, scalable, and resilient. Our analysis shows that such networks share common lifecycle characteristics and form clusters based on size, growth, and type of malicious behavior. We introduce a social network connectivity metric and show that command-and-control and malware botnets score similarly on this metric, as do spam and phishing botnets. We describe how a Guilt-by-Association approach combined with the connectivity metric can be used to predict membership in particular botnet families. Finally, we discuss the intelligence utility of fast-flux botnet behavior analysis as a cyber defense tool against advanced persistent threats.


Metadata
Title
Behavioral analysis of botnets for threat intelligence
Authors
Alper Caglayan
Mike Toothaker
Dan Drapeau
Dustin Burke
Gerry Eaton
Publication date
01.12.2012
Publisher
Springer-Verlag
Published in
Information Systems and e-Business Management / Issue 4/2012
Print ISSN: 1617-9846
Electronic ISSN: 1617-9854
DOI
https://doi.org/10.1007/s10257-011-0171-7
