Guilt by Association-Based Discovery of Botnet Footprints

Abstract

In this paper, we describe a Guilt-by-Association approach to determining a botnet's footprint starting from a subset of known domains belonging to that botnet, and demonstrate the approach on recent botnets. Our empirical results leverage the botnet database that we have collected over a period of 12 months with our real-time fast flux network detection algorithm [1]. Botnets exploit a network of compromised machines (zombies), hidden behind DNS record manipulation techniques, for illegal activities such as Distributed Denial of Service (DDoS) attacks, spam campaigns, phishing scams and malware delivery. Our results, which build upon our behaviour [2] and social network analysis [3] results, show that it is possible to identify a large portion of a botnet once a small segment of that botnet has been identified through manual means, and to explain the differences in botnet footprint prediction using our proposed connectivity metric.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2010
Accession Number
ADA584039

Entities

People

  • Alper Caglayan
  • Dan Drapeau
  • Dustin Burke
  • Gerry Eaton
  • Mike Toothaker

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems
  • Weapons Technologies

DTIC Thesaurus Topics

  • Algorithms
  • Command And Control
  • Cyber Defense Techniques
  • Cyber Threats
  • Cybersecurity
  • Databases
  • Detection
  • Electronic Mail
  • Engineering
  • Information Science
  • Internet
  • Network Protocols
  • Networks
  • Phishers
  • Reverse Engineering
  • Social Networks
  • Websites

Fields of Study

  • Computer science

Technology Areas

  • Cyber