
Moving Target Defense for Cloud Infrastructures: Lessons from Botnets

Chapter in: High Performance Cloud Auditing and Applications

Abstract

While providing elasticity to clients through on-demand service and cost-effectiveness to service providers through efficient resource allocation, current cloud infrastructures are largely homogeneously and statically configured for ease of administration. This leaves ample opportunity for attackers to reconnoiter and penetrate the security perimeter of cloud services. This chapter (1) traces the evolution of botnet technologies from the early static architectures to the recent dynamic and resilient architectures that employ various moving target defense (MTD) techniques to survive crackdowns, and (2) draws lessons from botnets to identify cloud security challenges and to propose MTD solutions for cloud infrastructures, in which the infrastructure configuration constantly evolves to confuse attackers without significantly degrading quality of service. The proposed solutions raise the cost to potential attackers by complicating the attack process and limiting the exposure of network vulnerabilities, making the network more resilient against novel and persistent attacks.
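One concrete instance of "configuration that constantly evolves", borrowed from the algorithmically generated rendezvous points that resilient botnets use to keep their command channel one step ahead of takedowns, is a front-end endpoint whose hostname and port are derived from a shared secret and the current time. The example below is added here to illustrate that idea; it is not code from the chapter, and the rotation period, the grace window, the `svc.example.internal` zone and the derivation itself are assumptions chosen for illustration. It places a predictable rotation (which any observer can forecast, so it is not a moving target at all) beside a keyed one, and shows that a scanner's reconnaissance goes stale after the grace window while authorised clients, who hold the secret, keep connecting.

```python
"""Time-keyed endpoint rotation as a moving target defence (constructed example).

The service and its authorised clients share SECRET. Every EPOCH_SECONDS both
sides derive the current front-end hostname and port from HMAC(SECRET, epoch).
An attacker who recorded the endpoint in one epoch finds it gone in the next
and, lacking SECRET, cannot compute the following one.
"""
import hashlib
import hmac
import string

EPOCH_SECONDS = 300                # assumed rotation period
GRACE_EPOCHS = 1                   # previous epoch still accepted (clock skew)
DOMAIN = "svc.example.internal"    # hypothetical zone the service controls
PORT_LO, PORT_HI = 20000, 60000    # assumed port range for the front end
ALPHABET = string.ascii_lowercase + string.digits


def epoch_of(unix_time: int) -> int:
    """Epoch counter shared by clients and service."""
    return unix_time // EPOCH_SECONDS


def predictable_endpoint(epoch: int) -> tuple[str, int]:
    """Rotation without a secret: the endpoint moves, but anyone who sees one
    value can forecast all future ones. This is scheduling, not MTD."""
    return f"fe-{epoch}.{DOMAIN}", PORT_LO + epoch % (PORT_HI - PORT_LO)


def keyed_endpoint(secret: bytes, epoch: int) -> tuple[str, int]:
    """Hostname label and port derived from HMAC-SHA256(secret, epoch)."""
    msg = epoch.to_bytes(8, "big", signed=True)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    # 12 label characters from the first 12 digest bytes (small modulo bias,
    # acceptable here since the label only needs to be unguessable, not uniform)
    label = "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:12])
    port = PORT_LO + int.from_bytes(digest[12:16], "big") % (PORT_HI - PORT_LO)
    return f"{label}.{DOMAIN}", port


def accepted_endpoints(secret: bytes, unix_time: int) -> set[tuple[str, int]]:
    """Endpoints the service answers on right now: the current epoch plus a
    grace window, so clients with slightly skewed clocks keep their QoS."""
    e = epoch_of(unix_time)
    return {keyed_endpoint(secret, e - k) for k in range(GRACE_EPOCHS + 1)}


def service_accepts(secret: bytes, unix_time: int, endpoint: tuple[str, int]) -> bool:
    """Service-side check: is this (host, port) one we currently serve?"""
    return endpoint in accepted_endpoints(secret, unix_time)


def client_target(secret: bytes, unix_time: int) -> tuple[str, int]:
    """Client side: where an authorised client connects at unix_time."""
    return keyed_endpoint(secret, epoch_of(unix_time))


def recon_still_valid(secret: bytes, observed_at: int, attack_at: int) -> bool:
    """Attacker model: replay the endpoint observed at observed_at, at attack_at."""
    seen = client_target(secret, observed_at)
    return service_accepts(secret, attack_at, seen)


if __name__ == "__main__":
    secret = b"shared-secret-for-illustration-only"
    t0 = 1_700_000_000
    print("predictable:", predictable_endpoint(epoch_of(t0)))
    print("keyed now:  ", client_target(secret, t0))
    print("keyed next: ", client_target(secret, t0 + EPOCH_SECONDS))
    for delay in (0, EPOCH_SECONDS, 2 * EPOCH_SECONDS):
        print(f"recon from t0 used at t0+{delay:>4}s:",
              recon_still_valid(secret, t0, t0 + delay))
```

The grace window is the quality-of-service knob: widen it and skewed clients never miss a rotation, but an attacker's reconnaissance also stays useful for longer. In a real deployment the rotation would be pushed to DNS and the load balancer by the same epoch clock, and the secret would be distributed to clients through whatever identity channel already authenticates them; neither piece is shown here.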



Acknowledgements

This material is based upon work partially supported by the Northrop Grumman Cybersecurity Research Consortium grant, the Air Force Office of Scientific Research (AFOSR) and the Air Force Research Laboratory (AFRL) Visiting Faculty Research Program (VFRP) extension grant LRIR 11RI01COR.

Corresponding author: Feng Li


Copyright information

© 2014 Springer Science+Business Media New York

Cite this chapter

Peng, W., Li, F., Zou, X. (2014). Moving Target Defense for Cloud Infrastructures: Lessons from Botnets. In: Han, K., Choi, BY., Song, S. (eds) High Performance Cloud Auditing and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-3296-8_2

  • DOI: https://doi.org/10.1007/978-1-4614-3296-8_2

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-3295-1

  • Online ISBN: 978-1-4614-3296-8
