A Taxonomy of Botnet Structures

  • Chapter

Part of the book series: Advances in Information Security (ADIS, volume 36)

Copyright information

© 2008 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Dagon, D., Gu, G., Lee, C.P. (2008). A Taxonomy of Botnet Structures. In: Lee, W., Wang, C., Dagon, D. (eds) Botnet Detection. Advances in Information Security, vol 36. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-68768-1_8

  • DOI: https://doi.org/10.1007/978-0-387-68768-1_8

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-68766-7

  • Online ISBN: 978-0-387-68768-1

  • eBook Packages: Computer Science; Computer Science (R0)
