Proactive detection of botnets with intended forceful infections from multiple malware collecting channels

Young Hoon Moon, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

As the major role of Internet Service Providers shifts from caring for their legitimate x-DSL subscribers and enterprise leased-line users to protecting them from outside attacks, botnet detection is currently a hot issue in the telecommunications industry. In this paper, we introduce efficient botnet pre-detection methods that utilize Honeynets with intended forceful infections based on multiple channel sources. We applied our methods at a major Internet Service Provider in Korea, making use of multiple channel sources: payloads from Spam Cut services, Intrusion Detection Systems, and abuse emails. With our proposed method, we can detect 40% of real C&C server IPs and URLs before they are publicly proven to be malicious sites. We could also find the C&C servers before they caused many victims during their propagation periods, and eventually we will be able to shut them down proactively.

Original language: English
Title of host publication: Communications in Computer and Information Science
Pages: 29-36
Number of pages: 8
Volume: 184 CCIS
Edition: PART 1
DOIs: https://doi.org/10.1007/978-3-642-22333-4_4
Publication status: Published - 2011 Jul 14
Event: 6th International Conference on Future Information Technology, FutureTech 2011 - Loutraki, Greece
Duration: 2011 Jun 28 to 2011 Jun 30

Publication series

Name: Communications in Computer and Information Science
Number: PART 1
Volume: 184 CCIS
ISSN (Print): 1865-0929

Other

Other: 6th International Conference on Future Information Technology, FutureTech 2011
Country: Greece
City: Loutraki
Period: 11/6/28 to 11/6/30

Keywords

  • Botnet Detection
  • C&C Servers
  • Distributed Denial of Service
  • Honeynets
  • Intended forceful infection

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Moon, Y. H., & Kim, H. K. (2011). Proactive detection of botnets with intended forceful infections from multiple malware collecting channels. In Communications in Computer and Information Science (PART 1 ed., Vol. 184 CCIS, pp. 29-36). (Communications in Computer and Information Science; Vol. 184 CCIS, No. PART 1). https://doi.org/10.1007/978-3-642-22333-4_4