Your Botnet is My Botnet: Analysis of a Botnet Takeover

机译：您的僵尸网络是我的僵尸网络：分析僵尸网络收购

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security problems on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims. In this paper, we report on our efforts to take control of the Torpig botnet and study its operations for a period of ten days. During this time, we observed more than 180 thousand infections and recorded almost 70 GB of data that the bots collected. While botnets have been "hijacked" and studied previously, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of data from the infected victims. This data provides a new understanding of the type and amount of personal information that is stolen by botnets.

机译：僵尸网络，由对手控制的恶意软件感染机器的网络是互联网上大量安全问题的根本原因。一种特别复杂的和绝对的机器人类型是Torpig，一个恶意软件程序，旨在从受害者收获敏感信息（如银行账户和信用卡数据）。在本文中，我们报告了我们努力控制Torpig Botnet并研究其运营为期十天。在此期间，我们观察到超过18万感染，并记录了机器人收集的近70 GB的数据。虽然僵尸网络已经“被劫持”并以前研究，但Torpig僵尸网络表现出某些属性，以便分析数据特别有趣。首先，可以（具有合理的准确性）来识别唯一的机器人感染，并将该号码与联系我们的命令和控制服务器的超过120万个IP地址相关联。其次，Torpig僵尸网络大，目标是各种应用，从受感染的受害者中收集丰富而多样化的数据集。此数据提供了对被僵尸网络窃取的个人信息的类型和数量的新了解。

著录项

来源
《Association for Computing Machinery Conference on Computer and Communications Security》|2009年||共14页
会议地点
作者
Brett Stone-Gross; Marco Cova; Lorenzo Cavallaro; Bob Gilbert; Martin Szydlowski; Richard Kemmerer; Christopher Kruegel; Giovanni Vigna;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP309-53;
关键词
Botnet; Malware; Measurement; Security; Torpig;

机译：僵尸网络;恶意软件;测量;安全;托皮格;

相似文献

外文文献
中文文献
专利

1. Mobile botnets meet social networks: design and analysis of a new type of botnet [J] . Faghani Mohammad R., Nguyen Uyen T. International Journal of Information Security . 2019,第4期

机译：移动僵尸网络符合社交网络：对新型僵尸网络的设计和分析
2. DReLAB - Deep REinforcement Learning Adversarial Botnet: A benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems [J] . Andrea Venturi, Giovanni Apruzzese, Mauro Andreolini, Data in Brief . 2021,第3期

机译：DRELAB - 深度加强学习对抗僵尸网络：用于对僵尸网络入侵检测系统进行对抗性攻击的基准数据集
3. IoT Botnet Forensics: A Comprehensive Digital Forensic Case Study on Mirai Botnet Servers [J] . Zhang Xiaolu, Upton Oren, Beebe Nicole Lang, Digital investigation . 2020,第Apra期

机译：IOT Botnet取证：Mirai Botnet服务器的全面数字法医案例研究
4. Your Botnet is My Botnet: Analysis of a Botnet Takeover [C] . Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Association for Computing Machinery Conference on Computer and Communications Security . 2009

机译：您的僵尸网络是我的僵尸网络：分析僵尸网络收购
5. Covert botnet implementation and defense against covert botnets. [D] . Babu Ramesh Babu, Lokesh. 2009

机译：秘密僵尸网络的实现和防御秘密僵尸网络。
6. DReLAB - Deep REinforcement Learning Adversarial Botnet: A benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems [O] . Andrea Venturi, Giovanni Apruzzese, Mauro Andreolini, 2021

机译：DRELAB - 深度加强学习对抗僵尸网络：用于对僵尸网络入侵检测系统进行对抗性攻击的基准数据集
7. A Comprehensive Analysis on Current Botnet Weaknesses and Improving the Security Performance on Botnet Monitoring and Detection in Peer-to-Peer Botnet [O] . Sivakumar Kalimuthu, Kannan Ponkoodanlingam, Premylla Jeremiah, 2016

机译：当前僵尸网络弱点的综合分析，对等僵尸网络僵局监控和检测安全性能
8. How Can Botnets Cause Storms. Understanding the Evolution and Impact of Mobile Botnets. [R] . Lu, Z., Wang, W., Wang, C. 2014

机译：僵尸网络如何引发风暴。了解移动僵尸网络的演变和影响。

Your Botnet is My Botnet: Analysis of a Botnet Takeover

摘要

著录项

相似文献

相关主题

期刊订阅