Malware Detection and Prevention Platform: Telecom Italia Case Study
This paper illustrates the botnet problem, its impact, and the need for security measures. By reviewing the existing literature on botnet detection solutions, the paper highlights the important role an ISP can play in better safeguarding users while reducing the spread of the botnet phenomenon. It then describes the malware detection and prevention platform that Telecom Italia has defined. The aim is to minimize the potential harm that bots can inflict upon Internet infrastructure and to detect and notify users when their machines try to access a malware domain or when there is evidence that their computers have been compromised.
The idea is not necessarily to block or delay users’ traffic but to inform users about the potential security risk of navigating to compromised sites, while leaving the final choice of whether to access the malicious domain to them. A security portal is accessible to a user detected as potentially infected, with the aim of providing a common, well-organized set of information useful for cleaning the compromised system. With this approach, TI intends to prevent damage to its infrastructure while countering the spread of malware infection.
Keywords: Internet Service Provider, Malicious Code, Query Graph, Security Portal, Botnet Detection