A survey on latest botnet attack and defense

Lei Zhang; Shui Yu; Di Wu; Paul Watters

doi:10.1109/TrustCom.2011.11

A survey on latest botnet attack and defense

Lei Zhang^*, Shui Yu, Di Wu, Paul Watters

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

51 Citations (Scopus)

Abstract

A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.

Original language	English
Title of host publication	Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011)
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	53-60
Number of pages	8
ISBN (Print)	9780769546001
DOIs	https://doi.org/10.1109/TrustCom.2011.11
Publication status	Published - 2011
Externally published	Yes
Event	10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), 6th International Conference on Frontier of Computer Science and Technology (FCST 2011) - Changsha, China Duration: 16 Nov 2011 → 18 Nov 2011

Other

Other	10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), 6th International Conference on Frontier of Computer Science and Technology (FCST 2011)
Country/Territory	China
City	Changsha
Period	16/11/11 → 18/11/11

Keywords

Botnet
Domain Fluxing
Fast Fluxing
Survey

Access to Document

10.1109/TrustCom.2011.11

Cite this

Zhang, L., Yu, S., Wu, D., & Watters, P. (2011). A survey on latest botnet attack and defense. In Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011) (pp. 53-60). Article 6120803 Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/TrustCom.2011.11

Zhang, Lei ; Yu, Shui ; Wu, Di et al. / A survey on latest botnet attack and defense. Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011). Institute of Electrical and Electronics Engineers (IEEE), 2011. pp. 53-60

@inproceedings{827a863064c24ad99f090285a6644668,

title = "A survey on latest botnet attack and defense",

abstract = "A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.",

keywords = "Botnet, Domain Fluxing, Fast Fluxing, Survey",

author = "Lei Zhang and Shui Yu and Di Wu and Paul Watters",

year = "2011",

doi = "10.1109/TrustCom.2011.11",

language = "English",

isbn = "9780769546001",

pages = "53--60",

booktitle = "Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011)",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), 6th International Conference on Frontier of Computer Science and Technology (FCST 2011) ; Conference date: 16-11-2011 Through 18-11-2011",

}

Zhang, L, Yu, S, Wu, D & Watters, P 2011, A survey on latest botnet attack and defense. in Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011)., 6120803, Institute of Electrical and Electronics Engineers (IEEE), pp. 53-60, 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), 6th International Conference on Frontier of Computer Science and Technology (FCST 2011), Changsha, China, 16/11/11. https://doi.org/10.1109/TrustCom.2011.11

A survey on latest botnet attack and defense. / Zhang, Lei; Yu, Shui; Wu, Di et al.
Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011). Institute of Electrical and Electronics Engineers (IEEE), 2011. p. 53-60 6120803.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - A survey on latest botnet attack and defense

AU - Zhang, Lei

AU - Yu, Shui

AU - Wu, Di

AU - Watters, Paul

PY - 2011

Y1 - 2011

N2 - A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.

AB - A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.

KW - Botnet

KW - Domain Fluxing

KW - Fast Fluxing

KW - Survey

UR - https://www.scopus.com/pages/publications/84862975193

U2 - 10.1109/TrustCom.2011.11

DO - 10.1109/TrustCom.2011.11

M3 - Conference proceeding contribution

AN - SCOPUS:84862975193

SN - 9780769546001

SP - 53

EP - 60

BT - Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011)

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), 6th International Conference on Frontier of Computer Science and Technology (FCST 2011)

Y2 - 16 November 2011 through 18 November 2011

ER -

Zhang L, Yu S, Wu D, Watters P. A survey on latest botnet attack and defense. In Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), 8th IEEE International Conference on Embedded Software and Systems (ICESS 2011), and 6th International Conference on Frontier of Computer Science and Technology (FCST 2011). Institute of Electrical and Electronics Engineers (IEEE). 2011. p. 53-60. 6120803 doi: 10.1109/TrustCom.2011.11

A survey on latest botnet attack and defense

Abstract

Other

Keywords

Access to Document

Other files and links

Fingerprint

Cite this