No. 1, 2017
BOTNETS AND METHODS OF THEIR DETECTION
Botnets occupy an important place in the infrastructure of cyberattacks; sometimes millions of computers participate in a single such network. A botnet is a network of infected computers and C&C servers that are controlled by botmasters. Botnets are constantly evolving: their structures, the protocols they use, their infection methods, and their attack targets change continually. The article examines the architecture of botnets, their classification according to various criteria, and methods for their detection (pp. 100-111).
Keywords: botnet, C&C servers, honeypot, DDoS attacks, botnet detection methods.
DOI: 10.25045/jpit.v08.i1.11