Title :
Good guys vs. Bot Guise: Mimicry attacks against fast-flux detection systems
Author :
Knysz, Matthew ; Hu, Xin ; Shin, Kang G.
Author_Institution :
Univ. of Michigan, Ann Arbor, MI, USA
Abstract :
In this paper, we explore the escalating “arms race” between fast-flux (FF) botnet detectors and the botmasters' effort to subvert them, and investigate several novel mimicry-attack techniques that allow botmasters to avoid detection. We first analyze the state-of-the-art FF detectors and their effectiveness against the current botnet threat, demonstrating how botmasters can - with their current resources - thwart detection strategies. Based on the realistic assumptions inferred from empirically observed trends, we create formal models for bot decay, online availability, DNS-advertisement strategies and performance, allowing us to demonstrate the effectiveness of different mimicry attacks and evaluate their effects on the overall online availability and capacity of botnets.
Keywords :
authorisation; invasive software; DNS-advertisement strategy; FF detector; fast-flux botnet detector; fast-flux detection system; mimicry attack; Advertising; Availability; Computers; Detectors; IP networks; Monitoring; Servers;
Conference_Title :
INFOCOM, 2011 Proceedings IEEE
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-9919-9
DOI :
10.1109/INFCOM.2011.5934985