Active-probing based distributed malware master detection system
Nowadays, botnet is still a kind of severe threat on the Internet. It wastes lots of time for traditional passive monitoring approaches to collect enough evidence, to detect and react. Only after real malicious activities occur can we find the existence of botnet. An active probing approach was prop...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2013-08-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2013.z1.026/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539817100279808 |
|---|---|
| author | Cheng-xiang SI Bo SUN Wen-han YANG Hui-lin ZHANG Xiao-nan XUE |
| author_facet | Cheng-xiang SI Bo SUN Wen-han YANG Hui-lin ZHANG Xiao-nan XUE |
| author_sort | Cheng-xiang SI |
| collection | DOAJ |
| description | Nowadays, botnet is still a kind of severe threat on the Internet. It wastes lots of time for traditional passive monitoring approaches to collect enough evidence, to detect and react. Only after real malicious activities occur can we find the existence of botnet. An active probing approach was proposed based on botnet controller's communication pro-tocol fingerprint. Botnet samples including client and server were analyzed and the command and control protocol of the botnet were collected. The communication protocol fingerprint was also extracted from controller's response message and the host on the Internet was scanned with the communication protocol fingerprint. Active Spear active probing system was designed and implemented based on the approach. The system employs distributed architecture and IP used in the scanning is dynamic. The system supports to scan many botnets owning different types of protocols as their command and control protocols. The functional verification in the testing environment proves the effectiveness of the approach and the evaluation to scanning efficiency in the real network environment shows the ability that the system can finish task of scanning a large scale of IP section in an acceptable time. |
| format | Article |
| id | doaj-art-7dca3ce6b2574f7fb7864b17dbc67d61 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2013-08-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-7dca3ce6b2574f7fb7864b17dbc67d612025-01-14T06:41:58ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2013-08-013419720659677375Active-probing based distributed malware master detection systemCheng-xiang SIBo SUNWen-han YANGHui-lin ZHANGXiao-nan XUENowadays, botnet is still a kind of severe threat on the Internet. It wastes lots of time for traditional passive monitoring approaches to collect enough evidence, to detect and react. Only after real malicious activities occur can we find the existence of botnet. An active probing approach was proposed based on botnet controller's communication pro-tocol fingerprint. Botnet samples including client and server were analyzed and the command and control protocol of the botnet were collected. The communication protocol fingerprint was also extracted from controller's response message and the host on the Internet was scanned with the communication protocol fingerprint. Active Spear active probing system was designed and implemented based on the approach. The system employs distributed architecture and IP used in the scanning is dynamic. The system supports to scan many botnets owning different types of protocols as their command and control protocols. The functional verification in the testing environment proves the effectiveness of the approach and the evaluation to scanning efficiency in the real network environment shows the ability that the system can finish task of scanning a large scale of IP section in an acceptable time.http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2013.z1.026/Botnetserveractive probedistributed systemprotocol analysis |
| spellingShingle | Cheng-xiang SI Bo SUN Wen-han YANG Hui-lin ZHANG Xiao-nan XUE Active-probing based distributed malware master detection system Tongxin xuebao Botnet server active probe distributed system protocol analysis |
| title | Active-probing based distributed malware master detection system |
| title_full | Active-probing based distributed malware master detection system |
| title_fullStr | Active-probing based distributed malware master detection system |
| title_full_unstemmed | Active-probing based distributed malware master detection system |
| title_short | Active-probing based distributed malware master detection system |
| title_sort | active probing based distributed malware master detection system |
| topic | Botnet server active probe distributed system protocol analysis |
| url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2013.z1.026/ |
| work_keys_str_mv | AT chengxiangsi activeprobingbaseddistributedmalwaremasterdetectionsystem AT bosun activeprobingbaseddistributedmalwaremasterdetectionsystem AT wenhanyang activeprobingbaseddistributedmalwaremasterdetectionsystem AT huilinzhang activeprobingbaseddistributedmalwaremasterdetectionsystem AT xiaonanxue activeprobingbaseddistributedmalwaremasterdetectionsystem |