Computer Science – Cryptography and Security
Scientific paper
2012-03-07
Computer Science
Cryptography and Security
Scientific paper
Recent research has made great strides in the field of detecting botnets. However, botnets of all kinds continue to plague the Internet, as many ISPs and organizations do not deploy these techniques. We aim to mitigate this state by creating a very low-cost method of detecting infected bot host. Our approach is to leverage the botnet detection work carried out by some organizations to easily locate collaborating bots elsewhere. We created BotMosaic as a countermeasure to IRC-based botnets. BotMosaic relies on captured bot instances controlled by a watermarker, who inserts a particular pattern into their network traffic. This pattern can then be detected at a very low cost by client organizations and the watermark can be tuned to provide acceptable false-positive rates. A novel feature of the watermark is that it is inserted collaboratively into the flows of multiple captured bots at once, in order to ensure the signal is strong enough to be detected. BotMosaic can also be used to detect stepping stones and to help trace back to the botmaster. It is content agnostic and can operate on encrypted traffic. We evaluate BotMosaic using simulations and a testbed deployment.
Borisov Nikita
Houmansadr Amir
No associations
LandOfFree
BotMosaic: Collaborative Network Watermark for Botnet Detection does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with BotMosaic: Collaborative Network Watermark for Botnet Detection, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and BotMosaic: Collaborative Network Watermark for Botnet Detection will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-395428