Steps to Reducing Unwanted Traffic on the Internet Workshop Abstract
Pp. 3944 of the Proceedings
The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets
Evan Cooke, University of Michigan; Farnam Jahanian, University of Michigan and Arbor Networks; Danny McPherson, Arbor Networks
Abstract
Global Internet threats are undergoing a profound transformation from
attacks designed solely to disable infrastructure to those that also target
people and organizations. Behind these new attacks is a large pool of
compromised hosts sitting in homes, schools, businesses, and governments
around the world. These systems are infected with a bot that
communicates with a bot controller and other bots to form what is
commonly referred to as a zombie army or botnet. Botnets
are a very real and quickly evolving problem that is still not well
understood or studied. In this paper we outline the origins and structure
of bots and botnets and use data from the operator community, the Internet
Motion Sensor project, and a honeypot experiment to illustrate
the botnet problem today. We then study the effectiveness of detecting
botnets by directly monitoring IRC communication or other command and
control activity and show a more comprehensive approach is required.
We conclude by describing a system to detect botnets that utilize advanced
command and control systems by correlating secondary detection data from
multiple sources.
- View the full text of this paper in HTML and PDF, or the talk slides in PDF.
Until July 2006, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2005 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
|