Abstract
While providing elasticity to clients through on-demand service and cost-effectiveness to service providers through efficient resource allocation, current cloud infrastructures are largely homogeneously and statically configured for ease of administration. This leaves ample opportunities for attackers to reconnoiter and penetrate the security perimeter of cloud services. This chapter (1) explores the evolution in botnet technologies from the early static architectures to the recent dynamic and resilient architectures that employ various moving target defense (MTD) techniques to circumvent crackdowns, and (2) draws lessons from botnets in identifying cloud security challenges and proposed solutions to MTD for cloud infrastructures, in which the cloud infrastructure configuration constantly evolves to confuse attackers without significantly degrading the quality of service. Proposed solutions may increase the cost for potential attackers by complicating the attack process and limiting the exposure of network vulnerability in order to make the network more resilient against novel and persistent attacks.
Acknowledgements
This material is based upon work partially supported by the Northrop Grumman Cybersecurity Research Consortium grant, the Air Force Office of Scientific Research (AFOSR) and the Air Force Research Laboratory (AFRL) Visiting Faculty Research Program (VFRP) extension grant LRIR 11RI01COR.
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Peng, W., Li, F., Zou, X. (2014). Moving Target Defense for Cloud Infrastructures: Lessons from Botnets. In: Han, K., Choi, BY., Song, S. (eds) High Performance Cloud Auditing and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-3296-8_2
DOI: https://doi.org/10.1007/978-1-4614-3296-8_2
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-3295-1
Online ISBN: 978-1-4614-3296-8
eBook Packages: Engineering, Engineering (R0)