Modeling Botnet Propagation Using Time Zones

Time zones play an important and unexplored role in malware epidemics. To understand how time and location affect malware spread dynamics, we studied botnets, or large coordinated collections of victim machines (zombies) controlled by attackers. Over a six-month period we observed dozens of botnets representing millions of victims. We noted diurnal properties in botnet activity, which we suspect occur because victims turn their computers off at night. Through binary analysis, we also confirmed that some botnets demonstrated a bias in infecting regional populations. Clearly, computers that are offline are not infectious, and any regional bias in infections will affect the overall growth of the botnet. We therefore created a diurnal propagation model. The model uses diurnal shaping functions to capture regional variations in online vulnerable populations. The diurnal model also lets one compare propagation rates for different botnets, and prioritize response. Because of variations in...
David Dagon, Cliff Changchun Zou, Wenke Lee
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where NDSS
Authors David Dagon, Cliff Changchun Zou, Wenke Lee