Title :
Analyzing the behavior of top spam botnets
Author :
Sousa, Rui ; Rodrigues, Nuno ; Salvador, Paulo ; Nogueira, António
Author_Institution :
Inst. de Telecomun., Univ. of Aveiro, Aveiro, Portugal
Abstract :
Botnets became the preferred platform for launching attacks and committing fraud on enterprise networks and the Internet itself. Characterizing existing Botnets will help to coordinate and develop new technologies to face this serious security threat. Several approaches can be taken to study this phenomenon: analyze its source code, which can be a hard task mainly due to license restrictions; study the control mechanism, particularly the activity of its Command and Control server(s); study its behavior, by measuring real traffic and collecting relevant statistics. In this work, we have installed some of the most popular spam Botnets, capturing the originated traffic and characterizing it in order to identify the main trends/patterns of their activity. From the intensive statistics that were collected, it was possible to conclude that there are distinct features between different Botnets that can be explored to build efficient detection methodologies.
Keywords :
Internet; business communication; command and control systems; computer network security; network servers; telecommunication traffic; unsolicited e-mail; Internet; behavior analysis; command and control server; committing fraud; enterprise networks; hard task; intensive statistics; launching attacks; license restrictions; originated traffic; real traffic; relevant statistics; security threat; source code; top spam botnets; Computer crime; Electronic mail; Protocols; Servers; Trojan horses; Botnet; Spam; statistical characterization;
Conference_Titel :
Communications (ICC), 2012 IEEE International Conference on
Conference_Location :
Ottawa, ON
Print_ISBN :
978-1-4577-2052-9
Electronic_ISBN :
1550-3607
DOI :
10.1109/ICC.2012.6364709
