Collecting and Analyzing Bots in a Systematic Honeynet-based Testbed Environment

Author:
Napoleon C. Paxton, Gail-Joon Ahn, Richard Kelly, Kevin Pearson, Bei-Tseng Chu
Date:
01 July 2007

Networks of compromised machines called botnets are one of the most threatening adversaries on the Internet, due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective in dealing with new unknown bots. By slightly modifying the code of an existing bot, bot commanders can bypass most signature-based mechanisms. We believe that by analyzing bot traffic for malicious patterns, it is possible to develop a taxonomy of bot characteristics and in turn use these characteristics to develop risks which will ultimately be used in the decision-making process of allowing or blocking traffic.
