Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network

Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network

In the last years, botnets have become one of the major sources of cyber-crime activities carried out via the public Internet. Typically, they may serve a number of different malicious activities such as Distributed Denial of Service (DDoS) attacks, email spam and phishing attacks. In this paper we...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Bar, Arian, Paciello, Antonio, Romirer-Maierhofer, Peter
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Algorithm design and analysis
Clustering algorithms
Electronic mail
IP networks
Monitoring
Servers
Superluminescent diodes
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 398
container_issue
container_start_page 393
container_title
container_volume
creator Bar, Arian
Paciello, Antonio
Romirer-Maierhofer, Peter
description In the last years, botnets have become one of the major sources of cyber-crime activities carried out via the public Internet. Typically, they may serve a number of different malicious activities such as Distributed Denial of Service (DDoS) attacks, email spam and phishing attacks. In this paper we validate the Domain Name System (DNS) failure graph approach presented earlier in [1]. In our work we apply this approach in an operational 3G mobile network serving a significantly larger user population.Based on the introduction of stable host identifiers we implement a novel approach to the tracking of botnets over a period of several weeks. Our results reveal the presence of several groups of hosts that are members of botnets. We analyze the host groups exhibiting the most suspicious behavior and elaborate on how these participate in botnets and other malicious activities. In the last part of this work we discuss how the accuracy of our detection approach could be improved in the future by correlating the knowledge obtained from applying our method in different networks.
doi_str_mv 10.1109/INFCOMW.2013.6562863
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_6562863</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>6562863</ieee_id><sourcerecordid>6562863</sourcerecordid><originalsourceid>FETCH-LOGICAL-i175t-708f77edcac2a70bc1491fd376c8cfd40de8807ae75e490272385e33be03a7933</originalsourceid><addsrcrecordid>eNo1kMFOwzAQRI0QElD6BXDYD6BlbSdZmxsKbalU2gMFTqhykk0xhCRKgqB_TwTlNDN6mjmMEBcSx1KivZovp_Hq_nmsUOpxFEbKRPpAnMqArEUMIzoUQ0vmP4fmWAzb9g0R-3qklDoRL-vG1bUvt5BUXcldC8kObpcPkDtffDYM256_ttfw5Aqfuc5X5SXwd8dl21twZQZ9v_DpL4KuAgd6Bv3SV9W8n4mj3BUtD_c6EI_TyTq-Gy1Ws3l8sxh5SWE3IjQ5EWepS5UjTFIZWJlnmqLUpHkWYMbGIDmmkAOLipQ2IWudMGpHVuuBOP_b9cy8qRv_4ZrdZv-I_gEAF1VY</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Bar, Arian ; Paciello, Antonio ; Romirer-Maierhofer, Peter</creator><creatorcontrib>Bar, Arian ; Paciello, Antonio ; Romirer-Maierhofer, Peter</creatorcontrib><description>In the last years, botnets have become one of the major sources of cyber-crime activities carried out via the public Internet. Typically, they may serve a number of different malicious activities such as Distributed Denial of Service (DDoS) attacks, email spam and phishing attacks. In this paper we validate the Domain Name System (DNS) failure graph approach presented earlier in [1]. In our work we apply this approach in an operational 3G mobile network serving a significantly larger user population.Based on the introduction of stable host identifiers we implement a novel approach to the tracking of botnets over a period of several weeks. Our results reveal the presence of several groups of hosts that are members of botnets. We analyze the host groups exhibiting the most suspicious behavior and elaborate on how these participate in botnets and other malicious activities. In the last part of this work we discuss how the accuracy of our detection approach could be improved in the future by correlating the knowledge obtained from applying our method in different networks.</description><identifier>ISBN: 9781479900558</identifier><identifier>ISBN: 1479900559</identifier><identifier>EISBN: 1479900567</identifier><identifier>EISBN: 9781479900565</identifier><identifier>EISBN: 1479900540</identifier><identifier>EISBN: 9781479900541</identifier><identifier>DOI: 10.1109/INFCOMW.2013.6562863</identifier><language>eng</language><publisher>IEEE</publisher><subject>Algorithm design and analysis ; Clustering algorithms ; Electronic mail ; IP networks ; Monitoring ; Servers ; Superluminescent diodes</subject><ispartof>2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2013, p.393-398</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/6562863$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,776,780,785,786,2052,27902,54895</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/6562863$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Bar, Arian</creatorcontrib><creatorcontrib>Paciello, Antonio</creatorcontrib><creatorcontrib>Romirer-Maierhofer, Peter</creatorcontrib><title>Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network</title><title>2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)</title><addtitle>INFCOMW</addtitle><description>In the last years, botnets have become one of the major sources of cyber-crime activities carried out via the public Internet. Typically, they may serve a number of different malicious activities such as Distributed Denial of Service (DDoS) attacks, email spam and phishing attacks. In this paper we validate the Domain Name System (DNS) failure graph approach presented earlier in [1]. In our work we apply this approach in an operational 3G mobile network serving a significantly larger user population.Based on the introduction of stable host identifiers we implement a novel approach to the tracking of botnets over a period of several weeks. Our results reveal the presence of several groups of hosts that are members of botnets. We analyze the host groups exhibiting the most suspicious behavior and elaborate on how these participate in botnets and other malicious activities. In the last part of this work we discuss how the accuracy of our detection approach could be improved in the future by correlating the knowledge obtained from applying our method in different networks.</description><subject>Algorithm design and analysis</subject><subject>Clustering algorithms</subject><subject>Electronic mail</subject><subject>IP networks</subject><subject>Monitoring</subject><subject>Servers</subject><subject>Superluminescent diodes</subject><isbn>9781479900558</isbn><isbn>1479900559</isbn><isbn>1479900567</isbn><isbn>9781479900565</isbn><isbn>1479900540</isbn><isbn>9781479900541</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2013</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNo1kMFOwzAQRI0QElD6BXDYD6BlbSdZmxsKbalU2gMFTqhykk0xhCRKgqB_TwTlNDN6mjmMEBcSx1KivZovp_Hq_nmsUOpxFEbKRPpAnMqArEUMIzoUQ0vmP4fmWAzb9g0R-3qklDoRL-vG1bUvt5BUXcldC8kObpcPkDtffDYM256_ttfw5Aqfuc5X5SXwd8dl21twZQZ9v_DpL4KuAgd6Bv3SV9W8n4mj3BUtD_c6EI_TyTq-Gy1Ws3l8sxh5SWE3IjQ5EWepS5UjTFIZWJlnmqLUpHkWYMbGIDmmkAOLipQ2IWudMGpHVuuBOP_b9cy8qRv_4ZrdZv-I_gEAF1VY</recordid><startdate>201304</startdate><enddate>201304</enddate><creator>Bar, Arian</creator><creator>Paciello, Antonio</creator><creator>Romirer-Maierhofer, Peter</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201304</creationdate><title>Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network</title><author>Bar, Arian ; Paciello, Antonio ; Romirer-Maierhofer, Peter</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i175t-708f77edcac2a70bc1491fd376c8cfd40de8807ae75e490272385e33be03a7933</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2013</creationdate><topic>Algorithm design and analysis</topic><topic>Clustering algorithms</topic><topic>Electronic mail</topic><topic>IP networks</topic><topic>Monitoring</topic><topic>Servers</topic><topic>Superluminescent diodes</topic><toplevel>online_resources</toplevel><creatorcontrib>Bar, Arian</creatorcontrib><creatorcontrib>Paciello, Antonio</creatorcontrib><creatorcontrib>Romirer-Maierhofer, Peter</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Bar, Arian</au><au>Paciello, Antonio</au><au>Romirer-Maierhofer, Peter</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network</atitle><btitle>2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)</btitle><stitle>INFCOMW</stitle><date>2013-04</date><risdate>2013</risdate><spage>393</spage><epage>398</epage><pages>393-398</pages><isbn>9781479900558</isbn><isbn>1479900559</isbn><eisbn>1479900567</eisbn><eisbn>9781479900565</eisbn><eisbn>1479900540</eisbn><eisbn>9781479900541</eisbn><abstract>In the last years, botnets have become one of the major sources of cyber-crime activities carried out via the public Internet. Typically, they may serve a number of different malicious activities such as Distributed Denial of Service (DDoS) attacks, email spam and phishing attacks. In this paper we validate the Domain Name System (DNS) failure graph approach presented earlier in [1]. In our work we apply this approach in an operational 3G mobile network serving a significantly larger user population.Based on the introduction of stable host identifiers we implement a novel approach to the tracking of botnets over a period of several weeks. Our results reveal the presence of several groups of hosts that are members of botnets. We analyze the host groups exhibiting the most suspicious behavior and elaborate on how these participate in botnets and other malicious activities. In the last part of this work we discuss how the accuracy of our detection approach could be improved in the future by correlating the knowledge obtained from applying our method in different networks.</abstract><pub>IEEE</pub><doi>10.1109/INFCOMW.2013.6562863</doi><tpages>6</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISBN: 9781479900558
ispartof 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2013, p.393-398
issn
language eng
recordid cdi_ieee_primary_6562863
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Algorithm design and analysis
Clustering algorithms
Electronic mail
IP networks
Monitoring
Servers
Superluminescent diodes
title Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-10T00%3A21%3A59IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Trapping%20botnets%20by%20DNS%20failure%20graphs:%20Validation,%20extension%20and%20application%20to%20a%203G%20network&rft.btitle=2013%20IEEE%20Conference%20on%20Computer%20Communications%20Workshops%20(INFOCOM%20WKSHPS)&rft.au=Bar,%20Arian&rft.date=2013-04&rft.spage=393&rft.epage=398&rft.pages=393-398&rft.isbn=9781479900558&rft.isbn_list=1479900559&rft_id=info:doi/10.1109/INFCOMW.2013.6562863&rft_dat=%3Cieee_6IE%3E6562863%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=1479900567&rft.eisbn_list=9781479900565&rft.eisbn_list=1479900540&rft.eisbn_list=9781479900541&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6562863&rfr_iscdi=true