Traceback Framework against Botmaster by Sharing Network Communication Pattern Information

Bibliographic details
Main authors: Mizoguchi, S., Takemori, K., Miyake, Y., Hori, Y., Sakurai, K.
Format: Conference proceedings
Language: eng
Description
Summary: In order to exterminate a botnet, we have to trace a botnet and arrest its botmaster. In this paper, we make a model of the communication pattern of a C&C server that sends/receives packets to/from the botmaster. Then we discuss how botmaster trace back can be achieved. We describe which communication patterns we should focus on to find the botmaster or upper C&C servers. Furthermore, we propose a framework for botmaster trace back. In this framework, owners of servers that become C&C servers will collaborate and share the communication patterns for trace back. To do this, we propose information sharing using communication pattern monitoring tools with the servers.
DOI: 10.1109/IMIS.2011.152