DOI: 10.1145/2714576.2714637
short-paper

Measuring Botnets in the Wild: Some New Trends

Published: 14 April 2015

Abstract

Today, botnets are still responsible for most large-scale attacks on the Internet. Botnets are versatile: they remain the most powerful attack platform by constantly adopting new techniques and strategies in the arms race against various detection schemes. Thus, it is essential to understand the latest developments in botnets in a timely manner so that the insights can be used to develop more efficient defenses. In this work, we conduct a measurement study of some of the most active botnets on the Internet, based on a public dataset collected over a period of seven months by a monitoring entity. We first examine and compare the attacking capabilities of different families of today's active botnets. Our analysis clearly shows that different botnets start to collaborate when launching DDoS attacks.


Published In

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security
April 2015
698 pages
ISBN:9781450332453
DOI:10.1145/2714576
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. botnet
  2. collaborations
  3. measurement
  4. network security

Qualifiers

  • Short-paper

Funding Sources

  • National Science Foundation

Conference

ASIA CCS '15
ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security
April 14 - March 17, 2015
Singapore, Republic of Singapore

Acceptance Rates

ASIA CCS '15 Paper Acceptance Rate 48 of 269 submissions, 18%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%
