Chaoge Liu, Weiqing Lu, Zhiqi Zhang, Peng Liao, Xiang Cui
Title: A recoverable hybrid C&C botnet
Venue: 2011 6th International Conference on Malicious and Unwanted Software
Publication date: 2011-10-18
DOI: 10.1109/MALWARE.2011.6112334 (https://doi.org/10.1109/MALWARE.2011.6112334)
Citation count: 9 (Semantic Scholar)

Abstract:
In this paper, we introduce a possible design for a botnet called CoolBot, which exploits a novel hybrid command and control (C&C) structure — hybrid P2P and URL Flux. The proposed CoolBot would have extremely desirable features — robustness and recoverability; that is, it could not only defend against popular attacks such as Sybil and routing table pollution attacks but could also recover its C&C channel within a tolerable delay in case most of the critical resources are destroyed, which promises to be appealing for botmasters. Our preliminary results show that the design of CoolBot is feasible and hard to defend against, consequently posing a potential threat to Internet security. The goal of our work is to increase the understanding of advanced botnets, which will promote the development of more efficient countermeasures. To conclude our paper, we suggest possible defenses against the emerging threat.