Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware

Young Hoon Moon; Eunjin Kim; Suh Mahn Hur; Huy Kang Kim

doi:10.1002/sec.431

Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware

Young Hoon Moon, Eunjin Kim, Suh Mahn Hur, Huy Kang Kim

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

6 Citations (Scopus)

Abstract

As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks begin. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.

Original language	English
Pages (from-to)	1094-1101
Number of pages	8
Journal	Security and Communication Networks
Volume	5
Issue number	10
DOIs	https://doi.org/10.1002/sec.431
Publication status	Published - 2012 Oct

Keywords

Behavioral analysis
Botnet detection
Honeynets
Intentional infection
Malware

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications

Access to Document

10.1002/sec.431

Cite this

@article{8d6f5c0fbd784ac0b8ffe172f971ebaf,

title = "Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware",

abstract = "As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks begin. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.",

keywords = "Behavioral analysis, Botnet detection, Honeynets, Intentional infection, Malware",

author = "Moon, {Young Hoon} and Eunjin Kim and Hur, {Suh Mahn} and Kim, {Huy Kang}",

year = "2012",

month = oct,

doi = "10.1002/sec.431",

language = "English",

volume = "5",

pages = "1094--1101",

journal = "Security and Communication Networks",

issn = "1939-0122",

publisher = "John Wiley and Sons Inc.",

number = "10",

}

TY - JOUR

T1 - Detection of botnets before activation

T2 - An enhanced honeypot system for intentional infection and behavioral observation of malware

AU - Moon, Young Hoon

AU - Kim, Eunjin

AU - Hur, Suh Mahn

AU - Kim, Huy Kang

PY - 2012/10

Y1 - 2012/10

N2 - As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks begin. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.

AB - As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks begin. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks.

KW - Behavioral analysis

KW - Botnet detection

KW - Honeynets

KW - Intentional infection

KW - Malware

UR - http://www.scopus.com/inward/record.url?scp=84867625328&partnerID=8YFLogxK

U2 - 10.1002/sec.431

DO - 10.1002/sec.431

M3 - Article

AN - SCOPUS:84867625328

SN - 1939-0122

VL - 5

SP - 1094

EP - 1101

JO - Security and Communication Networks

JF - Security and Communication Networks

IS - 10

ER -

Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this