Honeypot-Aware Advanced Botnet Construction and Maintenance

C. Zou, Ryan Cunningham
DOI: 10.1109/DSN.2006.38 (https://doi.org/10.1109/DSN.2006.38)
Venue: International Conference on Dependable Systems and Networks (DSN'06)
Publication date: 2006-06-25
Record source: Semantic Scholar
Citations: 150

Abstract

Because "botnets" can be used for illicit financial gain, they have become quite popular in recent Internet attacks. "Honeypots" have been successfully deployed in many defense systems. Thus, attackers constructing and maintaining botnets are forced to find ways to avoid honeypot traps. In this paper, we present a hardware- and software-independent honeypot detection methodology based on the following assumption: security professionals deploying honeypots have liability constraints such that they cannot allow their honeypots to participate in real (or too many real) attacks. Based on this assumption, attackers can detect honeypots in their botnet by checking whether the compromised machines in the botnet can successfully send out unmodified malicious traffic to attackers' sensors, or whether the bot controller in their botnet can successfully relay potential attack commands. In addition, we present a novel "two-stage reconnaissance" worm that can automatically construct a peer-to-peer structured botnet and detect and remove infected honeypots during its propagation stage. Finally, we discuss some guidelines for defending against general honeypot-aware attacks.