Detecting Botnet Membership with DNSBL Counterintelligence

  • Anirudh Ramachandran
  • Nick Feamster
  • David Dagon
Part of the Advances in Information Security book series (ADIS, volume 36)


Arrival Pattern Query Graph Mail Server Botnet Detection Internet Relay Chat 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Taormina, Sicily, Italy, October 2004.Google Scholar
  2. 2.
    Bobax trojan analysis., March 2005.Google Scholar
  3. 3.
    Symantec Security Alert–W32.Bobax.D worm. avcenter/venc/data/w32.bobax.d.html.Google Scholar
  4. 4.
    David Brumley. Tracking hackers on IRC. ircmirc/TrackingHackersonIRC.htm, 2003.Google Scholar
  5. 5.
    CNN Technology News. Expert: Botnets No. 1 emerging Internet threat. http://www., January 2006.Google Scholar
  6. 6.
    Evan Cooke, Farnam Jahanian, and Danny McPherson. The Zombie Roundup: Understanding, Detecting and Disrupting Botnets. In Usenix Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), June 2005.Google Scholar
  7. 7.
    David Dagon, Cliff Zou, and Wenke Lee. Modeling botnet propagation using time zones. In Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS ’06), 2006.Google Scholar
  8. 8.
    S. Dietrich, N. Long, and D. Dittrich. Analyzing distributed denial of service attack tools: The shaft case. In Proceedings of the LISA 2000 System Administration Conference, December 2000.Google Scholar
  9. 9.
    Felix C. Freiling, Thorsten Holz, and Georg Wicherski. Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks. Technical Report ISSN-0935-3232, RWTH Aachen, April 2005.Google Scholar
  10. 10.
    Luis H. Gomes, Cristiano Cazita, Jussara Almeida, Virgilio Almeida, and Wagner Meira. Characterizing a Spam Traffic. In Proc. ACM SIGCOMM Internet Measurement Conference[1].Google Scholar
  11. 11.
    Christopher Hanna. Using snort to detect rogue IRC bot programs. Technical report, October 2004.Google Scholar
  12. 12.
    12. Jaeyeon Jung and Emil Sit. An Empirical Study of Spam Traffic and the Use of DNS Black Lists. In Proc. ACM SIGCOMM Internet Measurement Conference[1], pages 370–375.Google Scholar
  13. 13.
    Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger. Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds. In Proc. 2nd Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, May 2005.Google Scholar
  14. 14.
    Sven Krasser, Gregory Conti, Julian Grizzard, Jeff Gribschaw, and Henry Owen. Real-time and forensic network data analysis using animated and coordinated visualization. In Proceedings of the 6th IEEE Information Assurance Workshop, 2005.Google Scholar
  15. 15.
    Brian Krebs. Bringing botnets out of the shadows. html, 2006.Google Scholar
  16. 16.
    D. Moore, Geoffrey M. Voelker, and Stefan Savage. Inferring internet denial-of-service activity. In Proceedings of the 2001 USENIX Security Symposium, 2001.Google Scholar
  17. 17.
    Stephan Racine. Analysis of internet relay chat usage by ddos zombies. ftp://www., 2004.Google Scholar
  18. 18.
    Anirudh Ramachandran and Nick Feamster. Understanding the Network-Level Behavior of Spammers. In Proc. ACM SIGCOMM, Pisa, Italy, September 2006.Google Scholar
  19. 19.
    Puri Ramneek. Bots & Botnets: An Overview., 2003.Google Scholar
  20. 20.
    S.E. Schechter and M.D. Smith. Access for sale. In 2003 ACM Workshop on Rapid Malcode (WORM’03). ACM SIGSAC, October 2003.Google Scholar
  21. 21.
    SpamAssassin, 2005. Scholar
  22. 22.
    SwatIt. Bots, drones, zombies, worms and other things that go bump in the night. http: //, 2004.Google Scholar
  23. 23.
    Virus Bulletin 2005 Paper on ’Bots and Botnets’. Scholar
  24. 24.
    Y. Zhang and V. Paxson. Detecting stepping stones. In Proceedings of the 9th USENIX Security Symposium, August 2000.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Anirudh Ramachandran
    • 1
  • Nick Feamster
    • 1
  • David Dagon
    • 1
  1. 1.School of Computer Science, Georgia Institute of TechnologyAtlanta

Personalised recommendations