Detection of botnets before activation

An enhanced honeypot system for intentional infection and behavioral observation of malware

Young Hoon Moon, Eunjin Kim, Suh Mahn Hur, Huy Kang Kim

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12 months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks began. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.

Original language: English
Pages (from-to): 1094-1101
Number of pages: 8
Journal: Security and Communication Networks
Volume: 5
Issue number: 10
DOI: 10.1002/sec.431
Publication status: Published - 2012 Oct 1

Fingerprint

Computer systems
Chemical activation
Internet service providers
Servers
Botnet
Malware
Testing

Keywords

  • Behavioral analysis
  • Botnet detection
  • Honeynets
  • Intentional infection
  • Malware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this

Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware. / Moon, Young Hoon; Kim, Eunjin; Hur, Suh Mahn; Kim, Huy Kang.

In: Security and Communication Networks, Vol. 5, No. 10, 01.10.2012, p. 1094-1101.

@article{8d6f5c0fbd784ac0b8ffe172f971ebaf,
title = "Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware",
abstract = "As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12 months, it was found that nearly 40{\%} of blacklisted botnets were pre-detected by our system before their attacks began. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.",
keywords = "Behavioral analysis, Botnet detection, Honeynets, Intentional infection, Malware",
author = "Moon, {Young Hoon} and Eunjin Kim and Hur, {Suh Mahn} and Kim, {Huy Kang}",
year = "2012",
month = "10",
day = "1",
doi = "10.1002/sec.431",
language = "English",
volume = "5",
pages = "1094--1101",
journal = "Security and Communication Networks",
issn = "1939-0122",
publisher = "John Wiley and Sons Inc.",
number = "10"
}

TY - JOUR
T1 - Detection of botnets before activation
T2 - An enhanced honeypot system for intentional infection and behavioral observation of malware
AU - Moon, Young Hoon
AU - Kim, Eunjin
AU - Hur, Suh Mahn
AU - Kim, Huy Kang
PY - 2012/10/1
Y1 - 2012/10/1
AB - As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12 months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks began. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.
KW - Behavioral analysis
KW - Botnet detection
KW - Honeynets
KW - Intentional infection
KW - Malware
UR - http://www.scopus.com/inward/record.url?scp=84867625328&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84867625328&partnerID=8YFLogxK
U2 - 10.1002/sec.431
DO - 10.1002/sec.431
M3 - Article
VL - 5
SP - 1094
EP - 1101
JO - Security and Communication Networks
JF - Security and Communication Networks
SN - 1939-0122
IS - 10
ER -