Abstract
A botnet is a network of compromised computers controlled by an attacker. This chapter discusses botnet forensics in the context of network forensics. To explain the botnet threat, it covers the architectures, protocols, and life cycle of a botnet. It then presents the standard botnet forensic process and its investigation techniques; botnet forensics consists of acquisition, analysis, and attribution phases. Finally, the research challenges of botnet forensics and its investigation are discussed.
© 2016 Springer-Verlag London
Joshi, R.C., Pilli, E.S. (2016). Botnet Forensics. In: Fundamentals of Network Forensics. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-7299-4_8
DOI: https://doi.org/10.1007/978-1-4471-7299-4_8
Publisher Name: Springer, London
Print ISBN: 978-1-4471-7297-0
Online ISBN: 978-1-4471-7299-4
eBook Packages: Computer Science (R0)