The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets

Abstract: 

Global Internet threats are undergoing a profound transformation from attacks designed solely to disable infrastructure to those that also target people and organizations. Behind these new attacks is a large pool of compromised hosts sitting in homes, schools, businesses, and governments around the world. These systems are infected with a bot that communicates with a bot controller and other bots to form what is commonly referred to as a zombie army or botnet. Botnets are a very real and quickly evolving problem that is still not well understood or studied. In this paper we outline the origins and structure of bots and botnets and use data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today. We then study the effectiveness of detecting botnets by directly monitoring IRC communication or other command and control activity and show a more comprehensive approach is required. We conclude by describing a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.

Evan Cooke, University of Michigan

Farnam Jahanian, University of Michigan and Arbor Networks

BibTeX
@inproceedings {269276,
author = {Evan Cooke and Farnam Jahanian},
title = {The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets},
booktitle = {Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI 05)},
year = {2005},
address = {Cambridge, MA},
url = {https://www.usenix.org/conference/sruti-05/zombie-roundup-understanding-detecting-and-disrupting-botnets},
publisher = {USENIX Association},
month = jul,
}

Links

Paper: 
http://usenix.org/publications/library/proceedings/sruti05/tech/full_papers/cooke/cooke.pdf
Paper (HTML): 
http://usenix.org/publications/library/proceedings/sruti05/tech/full_papers/cooke/cooke_html/index.html
Slides: 
http://usenix.org/publications/library/proceedings/sruti05/tech/talks/cooke.pdf