A Large-Scale Empirical Study of Conficker

Seungwon Shin, Guofei Gu, Narasimha Reddy, Christopher P. Lee
2012 IEEE Transactions on Information Forensics and Security  
In this paper, we analyze Conficker infections at a large scale, about 25 million victims, and study various interesting aspects about this state-of-the-art malware.  ...  We show that neighborhood watch is a surprisingly effective approach in the case of Conficker.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research, the National Science  ... 
doi:10.1109/tifs.2011.2173486 fatcat:obyxvwgpvfexxb73iyvzzfztga

Post-Mortem of a Zombie: Conficker Cleanup After Six Years

Hadi Asghari, Michael Ciere, Michel J. G. van Eeten
2015 USENIX Security Symposium  
Much less is known about the effectiveness of large-scale efforts to clean up infected machines.  ...  We analyze longitudinal data from the sinkhole of Conficker, one of the largest botnets ever seen, to assess the impact of what has been emerging as a best practice: national anti-botnet initiatives that  ...  Acknowledgment The authors would like to explicitly thank Chris Lee, Paul Vixie and Eric Ziegast for providing us with access to the Conficker sinkhole and supporting our research.  ... 
dblp:conf/uss/AsghariCE15 fatcat:vp4spgjgonfpvbaj3rc6hgbo4u

A Probabilistic Population Study of the Conficker-C Botnet [chapter]

Rhiannon Weaver
2010 Lecture Notes in Computer Science  
We apply the model to observed data from Conficker-C scans sent over a 51-day period (March 5th through April 24th, 2009) to a large private network.  ...  For an observer with access to a proportion δ of monitored IPv4 space, we derive the distribution of the number of times a single infected host is observed scanning the monitored space, based on a study  ...  As a result, Conficker-C P2P traffic can be observed with high reliability in the large-scale summary information contained in network flow data, making it a good candidate for behavioral modeling.  ... 
doi:10.1007/978-3-642-12334-4_19 fatcat:aa2u6z7kufbirktezq7baqfg6u

Cross-Analysis of Botnet Victims: New Insights and Implications [chapter]

Seungwon Shin, Raymond Lin, Guofei Gu
2011 Lecture Notes in Computer Science  
In this paper, we analyze a large amount of infection data for three major botnets: Conficker, MegaD, and Srizbi.  ...  We provide an in-depth passive and active measurement study to have a fine-grained view of the similarities and differences for the two infection types.  ...  Measurement studies of the Type II botnet were also conducted. In [6], Mori et al. performed a large scale empirical study of the Srizbi botnet.  ... 
doi:10.1007/978-3-642-23644-0_13 fatcat:k3bmr5q65bfllkplaoiubfblpm

Automatic generation of vaccines for malware immunization

Zhaoyan Xu, Jialong Zhang, Guofei Gu, Zhiqiang Lin
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
We evaluate AGAMI on a large set of real-world malware samples and successfully extract working vaccines for many families such as Conficker and Zeus.  ...  We provide the first systematic study towards this direction and present a prototype system, AGAMI, for automatic generation of vaccines for malware immunization.  ...  Interestingly, if we look at the case of pandemic diseases that can infect a large-scale human bodies, an effective and successful defense against known notorious diseases is vaccine.  ... 
doi:10.1145/2382196.2382317 dblp:conf/ccs/XuZGL12 fatcat:evihnfpd2jas5ot73qtdr45ina

Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection

Ilju Seo, Heejo Lee, Seung Chul Han
2014 Computers & security  
The botnets are one of the most dangerous species of network-based attack.  ...  They cause severe network disruptions through massive coordinated attacks nowadays and the results of this disruption frequently cost enterprises large sums in financial losses.  ...  Acknowledgments This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MEST) (2012M3A2A1051118, 2012-0005552, 2011-0015187, 2011-0003930, 2010  ... 
doi:10.1016/j.cose.2014.07.007 fatcat:eo3o4mazyzgcdoxhac5bl5fo4e

From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware

Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, David Dagon
2012 USENIX Security Symposium  
As a response, botmasters have begun employing domain generation algorithms (DGAs) to dynamically produce a large number of random domain names and select a small subset for actual C&C use.  ...  We implemented a prototype system and evaluated it on real-world DNS traffic obtained from large ISPs in North America. We report the discovery of twelve DGAs.  ...  local network, they do not scale well to the overwhelming volume of traffic typical of large ISP environments.  ... 
dblp:conf/uss/AntonakakisPNVALD12 fatcat:q66byshhsvfpfd5xxj4a4clix4

Characterizing Internet Worm Infection Structure [article]

Qian Wang, Zesheng Chen, Chao Chen
2010 arXiv   pre-print
Finally, we apply our findings to develop bot detection methods and study potential countermeasures for a botnet (e.g., Conficker C) that uses scan-based peer discovery to form a P2P-based botnet.  ...  As a result, on average half of infected hosts never compromise any vulnerable host, over 98% of infected hosts have no more than five children, and a small portion of infected hosts have a large number  ...  Specifically, we study a simple and efficient bot detection method in a Conficker C like P2P-based botnet and consider a countermeasure by future botnets.  ... 
arXiv:1001.1195v2 fatcat:vqguuiafzvavjhijcwjol5wdeq

Evaluating the Impact of AbuseHUB on Botnet Mitigation [article]

Michel van Eeten, Qasim Lone, Giovane Moura, Hadi Asghari, Maciej Korczyński
2016 arXiv   pre-print
This document presents the final report of a two-year project to evaluate the impact of AbuseHUB, a Dutch clearinghouse for acquiring and processing abuse data on infected machines.  ...  The report was commissioned by the Netherlands Ministry of Economic Affairs, a co-funder of the development of AbuseHUB.  ...  Although Conficker has managed to replicate very successfully, with around several million active bots at any given moment, it has not been used for any large-scale malicious purposes - or at least no such  ... 
arXiv:1612.03101v1 fatcat:mfomd2cw45c53lk3edgtg5p2cu

An Internet-Wide View of Internet-Wide Scanning

Zakir Durumeric, Michael Bailey, J. Alex Halderman
2014 USENIX Security Symposium  
In this work, we analyze data from a large network telescope to study scanning activity from the past year, uncovering large horizontal scan operations and identifying broad patterns in scanning behavior  ...  While it is widely known that port scanning is widespread, neither the scanning landscape nor the defensive reactions of network operators have been measured at Internet scale.  ...  The authors thank Michael Kallitsis and Manish Karir of Merit Network for helping facilitate our darknet analysis.  ... 
dblp:conf/uss/DurumericBH14 fatcat:xadw5ahzdnes3njosd4thksfvy

Towards a taxonomy of darknet traffic

Jun Liu, Kensuke Fukuda
2014 2014 International Wireless Communications and Mobile Computing Conference (IWCMC)  
We thus propose a simple but effective taxonomy of darknet traffic, on the basis of observations, and evaluate it on real darknet traces covering six years.  ...  Our interest lies, however, in how darknets have evolved since those works and the effectiveness of a darknet taxonomy for real long-range traffic.  ...  Darknet traffic can be used to track such security-related activities on a global scale.  ... 
doi:10.1109/iwcmc.2014.6906329 dblp:conf/iwcmc/LiuF14 fatcat:7g52jpaovrf5dioiomaw6nofdq

Analysis of Country-Wide Internet Outages Caused by Censorship

Alberto Dainotti, Claudio Squarcella, Emile Aben, Kimberly C. Claffy, Marco Chiesa, Michele Russo, Antonio Pescape
2014 IEEE/ACM Transactions on Networking  
Our analysis relies on multiple sources of large-scale data already available to academic researchers: BGP interdomain routing control plane data; unsolicited data plane traffic to unassigned address space  ...  We were also able to observe surprisingly noticeable effects of such large scale censorship on ongoing global measurement activities, suggesting how similar events could be detected and/or documented in  ...  Antonio Pescapé has been partially supported by LINCE project of the FARO programme jointly financed by the Compagnia di San Paolo and by the Polo delle Scienze e delle Tecnologie of the University of  ... 
doi:10.1109/tnet.2013.2291244 fatcat:4oup7izelfbadf6jzj627rtblu

Analysis of country-wide internet outages caused by censorship

Alberto Dainotti, Claudio Squarcella, Emile Aben, Kimberly C. Claffy, Marco Chiesa, Michele Russo, Antonio Pescapé
2011 Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference - IMC '11  
Our analysis relies on multiple sources of large-scale data already available to academic researchers: BGP interdomain routing control plane data; unsolicited data plane traffic to unassigned address space  ...  We were also able to observe surprisingly noticeable effects of such large scale censorship on ongoing global measurement activities, suggesting how similar events could be detected and/or documented in  ...  Antonio Pescapé has been partially supported by LINCE project of the FARO programme jointly financed by the Compagnia di San Paolo and by the Polo delle Scienze e delle Tecnologie of the University of  ... 
doi:10.1145/2068816.2068818 dblp:conf/imc/DainottiSACCRP11 fatcat:parw7gleg5dvthxdbwflspve5a

When will my PLC support Mirai? The security economics of large-scale attacks against Internet-connected ICS devices

Michael Dodson, Alastair R. Beresford, Daniel R. Thomas
2020 2020 APWG Symposium on Electronic Crime Research (eCrime)  
We use a series of case studies to develop a security economics model for large-scale attacks against Internet-connected populations in general, and use it to explain both the current lack of interest  ...  We investigate the missing attacks against ICS, focusing on large-scale attacks enabled by Internet-connected populations.  ...  We developed the model by studying successful, large-scale attacks and empirically verified it using our end-to-end study of the Internet-connected ICS threat landscape.  ... 
doi:10.1109/ecrime51433.2020.9493257 fatcat:fm7igixwwbf7db663miuvbdhba

An Evaluation of Darknet Traffic Taxonomy

Jun Liu, Kensuke Fukuda
2018 Journal of Information Processing  
Our interest lies, however, in how darknet traffic has evolved and the effectiveness of a darknet traffic taxonomy for longitudinal data.  ...  To enhance Internet security, researchers have largely emphasized diverse cyberspace monitoring approaches to observe cyber attacks and anomalies.  ...  Later a careful inspection of packet payloads of suspicious ipSrcs helps identify Conficker according to Ref. [13].  ... 
doi:10.2197/ipsjjip.26.148 fatcat:a2iqsmnzljghrantze5wunayq4