Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2009
ACM
2009
ACM
Automating analysis of large-scale botnet probing events
Botnets dominate today's attack landscape. In this work we investigate ways to analyze collections of malicious probing traffic in order to understand the significance of large-scale "botnet probes". In such events, an entire collection of remote hosts together probes the address space monitored by a sensor in some sort of coordinated fashion. Our goal is to develop methodologies by which sites receiving such probes can infer--using purely local observation-information about the probing activity: What scanning strategies does the probing employ? Is this an attack that specifically targets the site, or is the site only incidentally probed as part of a larger, indiscriminant attack? Our analysis draws upon extensive honeynet data to explore the prevalence of different types of scanning, including properties such as trend, uniformity, coordination, and darknet avoidance. In addition, we design schemes to extrapolate the global properties of scanning events (e.g., total pop...
Real-time TrafficCCS 2009 | Extensive Honeynet Data | Malicious Probing Traffic | Probing Activity | Security Privacy |
| Added | 23 Nov 2009 |
| Updated | 23 Nov 2009 |
| Type | Conference |
| Year | 2009 |
| Where | CCS |
| Authors | Zhichun Li, Anup Goyal, Yan Chen, Vern Paxson |
Comments (0)
Researcher Info
|
