BotTracer: Execution-Based Bot-Like Malware Detection

Lei Liu, Songqing Chen, Guanhua Yan and Zhao Zhang

View Related Documents

Book Chapter
Decentralized Peer-to-Peer Botnet Architectures
Brent ByungHoon Kang and Chris Nunnery
Studies in Computational Intelligence, 2009, Volume 251, Advances in Information and Intelligent Systems, Pages 251-264
- Download PDF (291.4 KB)
Book Chapter
Using Virtualization to Create and Deploy Computer Security Lab Exercises
Brian Hay, Ronald Dodge and Kara Nance
IFIP International Federation for Information Processing, 2008, Volume 278, Proceedings of The Ifip Tc 11 23^rd International Information Security Conference, Pages 621-635
- Download PDF (341.4 KB)
Journal Article
Internet attacks monitoring with dynamic connection redirection mechanisms
Éric Alata, Ion Alberdi, Vincent Nicomette, Philippe Owezarski and Mohamed Kaâniche
Journal in Computer Virology, 2008, Volume 4, Number 2, Pages 127-136
- Download PDF (474.6 KB)
Book Chapter
Automatically Generating Models for Botnet Detection
Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel and Christopher Kruegel, et al.
Lecture Notes in Computer Science, 2009, Volume 5789, Computer Security – ESORICS 2009, Pages 232-249
- Download PDF (247.0 KB)
Book Chapter
Traffic Aggregation for Malware Detection
Ting-Fang Yen and Michael K. Reiter
Lecture Notes in Computer Science, 2008, Volume 5137, Detection of Intrusions and Malware, and Vulnerability Assessment, Pages 207-227
- Download PDF (601.0 KB)
Book Chapter
A Labeled Data Set for Flow-Based Intrusion Detection
Anna Sperotto, Ramin Sadre, Frank van Vliet and Aiko Pras
Lecture Notes in Computer Science, 2009, Volume 5843, IP Operations and Management, Pages 39-50
- Download PDF (260.5 KB)
Book Chapter
Visual Analysis of Network Flow Data with Timelines and Event Plots
D. Phan, J. Gerth, M. Lee, A. Paepcke and T. Winograd
Mathematics and Visualization, 2008, VizSEC 2007, Pages 85-99
- Download PDF (369.5 KB)
Book Chapter
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
Abhinav Srivastava and Jonathon Giffin
Lecture Notes in Computer Science, 2008, Volume 5230, Recent Advances in Intrusion Detection, Pages 39-58
- Download PDF (1.4 MB)
Book Chapter
Virtualization
Sander van Vugt
2009, Pro Linux System Administration, Part 2, Pages 989-1024
- Download PDF (1.3 MB)
Journal Article
WOW: Self-organizing Wide Area Overlay Networks of Virtual Workstations
A. Ganguly, A. Agrawal, P. O. Boykin and R. J. Figueiredo
Journal of Grid Computing, 2007, Volume 5, Number 2, Pages 151-172
- Download PDF (621.7 KB)
- View HTML

Abstract

Bot-like malware has posed an immense threat to computer security. Bot detection is still a challenging task since bot developers are continuously adopting advanced techniques to make bots more stealthy. A typical bot exhibits three invariant features along its onset: (1) the startup of a bot is automatic without requiring any user actions; (2) a bot must establish a command and control channel with its botmaster; and (3) a bot will perform local or remote attacks sooner or later. These invariants indicate three indispensable phases (startup, preparation, and attack) for a bot attack. In this paper, we propose BotTracer to detect these three phases with the assistance of virtual machine techniques. To validate BotTracer, we implement a prototype of BotTracer based on VMware and Windows XP Professional. The results show that BotTracer has successfully detected all the bots in the experiments without any false negatives.

Keywords Botnet - malware detection - virtual machine

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

BotTracer: Execution-Based Bot-Like Malware Detection

View Related Documents

Abstract

Fulltext Preview