2 research outputs found
The Dorothy project : an open botnet analysis framework for automatic tracking and activity visualization
Botnets, networks of compromised machines
remotely controlled and instructed to work in a coordinated fashion, have had an epidemic diffusion over the Internet and represent one of today's most insidious threat. In this paper, we present an open framework called Dorothy that permits to monitor the activity of a botnet. We propose to characterize a botnet behavior through a set of parameters and a graphical representation. In a case study, we infiltrated and monitored a botnet named siwa collecting information about its functional
structure, geographical distribution, communication mechanisms, command language and operations
A First Step Towards Characterizing Stealthy Botnets
Botnets have become a top cyber threat. Existing studies on botnets have mainly focused on showing how to exploit certain characteristics of existing botnets to detect them. However, such detection mechanisms could be defeated by stealthy botnets that are designed to evade them. Therefore, it is important to understand the power of stealthy botnets so as to answer questions such as: What kinds of stealth techniques can survive what kinds of detection mechanisms? Towards the ultimate goal, this paper makes a first step with the aim to build fundamental understandings of stealthy botnet Command and Control (C&C)