Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network

In the last years, botnets have become one of the major sources of cyber-crime activities carried out via the public Internet. Typically, they may serve a number of different malicious activities such as Distributed Denial of Service (DDoS) attacks, email spam and phishing attacks. In this paper we...

Bibliographic details
Main authors: Bar, Arian; Paciello, Antonio; Romirer-Maierhofer, Peter
Format: Conference proceeding
Language: eng
container_end_page 3164
container_start_page 3159
creator Bar, Arian
Paciello, Antonio
Romirer-Maierhofer, Peter
description In the last years, botnets have become one of the major sources of cyber-crime activities carried out via the public Internet. Typically, they may serve a number of different malicious activities such as Distributed Denial of Service (DDoS) attacks, email spam and phishing attacks. In this paper we validate the Domain Name System (DNS) failure graph approach presented earlier in [1]. In our work we apply this approach in an operational 3G mobile network serving a significantly larger user population. Based on the introduction of stable host identifiers we implement a novel approach to the tracking of botnets over a period of several weeks. Our results reveal the presence of several groups of hosts that are members of botnets. We analyze the host groups exhibiting the most suspicious behavior and elaborate on how these participate in botnets and other malicious activities. In the last part of this work we discuss how the accuracy of our detection approach could be improved in the future by correlating the knowledge obtained from applying our method in different networks.
doi_str_mv 10.1109/INFCOM.2013.6567131
format Conference Proceeding
identifier ISSN: 0743-166X
ispartof 2013 Proceedings IEEE INFOCOM, 2013, p.3159-3164
issn 0743-166X
2641-9874
language eng
recordid cdi_ieee_primary_6567131
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Algorithm design and analysis
Clustering algorithms
Electronic mail
IP networks
Monitoring
Servers
Superluminescent diodes
title Trapping botnets by DNS failure graphs: Validation, extension and application to a 3G network
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-10T14%3A23%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Trapping%20botnets%20by%20DNS%20failure%20graphs:%20Validation,%20extension%20and%20application%20to%20a%203G%20network&rft.btitle=2013%20Proceedings%20IEEE%20INFOCOM&rft.au=Bar,%20Arian&rft.date=2013-04&rft.spage=3159&rft.epage=3164&rft.pages=3159-3164&rft.issn=0743-166X&rft.eissn=2641-9874&rft.isbn=9781467359443&rft.isbn_list=1467359440&rft_id=info:doi/10.1109/INFCOM.2013.6567131&rft_dat=%3Cieee_6IE%3E6567131%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9781467359450&rft.eisbn_list=9781467359467&rft.eisbn_list=1467359467&rft.eisbn_list=1467359459&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6567131&rfr_iscdi=true