A System for Analyzing Advance Bot Behavior

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 54)

Abstract

Bot behavior analysis is an essential component of botnet detection and response. Recent research on bot behavior analysis focuses on identifying whether an analysis target file is a bot or not by monitoring the user-level API call information of the bot process and discovering its malicious behaviors. However, such research does not monitor bot processes that have kernel-rootkit, anti-VM and static DLL/binary code injection capabilities. In this paper, we present an approach based on a combination of System Call Layer rebuilding and process execution that automatically thwarts static DLL/binary code injection. We have also built a system for analyzing advanced bot behavior that can monitor the behavior of a bot process at kernel level and thwart some anti-VM methods. For evaluation, we have conducted experiments on several recent bot samples that have kernel-rootkit, anti-VM and static DLL/binary code injection capabilities and shown that our system can successfully extract their API call information and malicious behaviors.

This work was supported by the IT R&D program of MKE/KEIT. [2008-S-026-02, The Development of Active Detection and Response Technology against Botnet].


Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Oh, J., Im, C., Jeong, H. (2010). A System for Analyzing Advance Bot Behavior. In: Prasad, S.K., Vin, H.M., Sahni, S., Jaiswal, M.P., Thipakorn, B. (eds) Information Systems, Technology and Management. ICISTM 2010. Communications in Computer and Information Science, vol 54. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12035-0_7

  • DOI: https://doi.org/10.1007/978-3-642-12035-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12034-3

  • Online ISBN: 978-3-642-12035-0
