Countering Botnets: Anomaly-Based Detection, Comprehensive Analysis, and Efficient Mitigation

Abstract

In this paper we cover five general areas: (1) botnet detection, (2) botnet analysis, (3) botnet mitigation, (4) add-on tasks to the original contract, including the Conficker Working Group Lessons Learned, Layer-8 Exploration of Botnet Organization, and DREN research, and (5) commercialization. In this project we have successfully developed new botnet detection and analysis capabilities. These algorithms have been evaluated using real-world data and have been put into actual, deployed systems. The most significant technical developments include a new dynamic reputation system for DNS domains, a scalable anomaly detection system for botnet detection in very large networks, and a transparent malware analysis system. In addition, on several occasions we have used our botnet data and analysis to help law enforcement agencies arrest botmasters. We have also had great success transitioning technologies to commercial products that are now used by government agencies, ISPs, and major corporations.

Document Details

Document Type
Technical Report
Publication Date
May 01, 2011
Accession Number
ADA543919

Entities

People

  • David Dagon
  • Gunter Ollman
  • Jody Westby
  • Jon Giffin
  • Nick Feamster
  • Paul Vixie
  • Rick Wesson
  • Wenke Lee

Organizations

  • Georgia Tech Research Corporation

Tags

Communities of Interest

  • C4I
  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Air Force
  • Algorithms
  • Anomaly Detection
  • Change Detection
  • Command And Control
  • Computer Communications
  • Computers
  • Cybersecurity
  • Detection
  • Detectors
  • Electronic Mail
  • Intrusion Detection
  • Intrusion Detectors
  • Lessons Learned
  • Network Protocols
  • Network Science
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Cyber