Title :
Traceback Framework against Botmaster by Sharing Network Communication Pattern Information
Author :
Mizoguchi, Seiichiro ; Takemori, Keisuke ; Miyake, Yutaka ; Hori, Yoshiaki ; Sakurai, Kouichi
Author_Institution :
Inf. Sci. & Electr. Eng., Kyushu Univ., Fukuoka, Japan
fDate :
June 30 2011-July 2 2011
Abstract :
In order to exterminate a botnet, we have to trace a botnet and arrest its botmaster. In this paper, we make a model of communication pattern of a C&C server that sends/receives packets to/from the botmaster. Then we discuss how botmaster trace back can be achieved. We describe which communication patterns we should focus on to find the botmaster or upper C&C servers. Furthermore, we propose a framework for botmaster trace back. In this framework, owners of servers which become to C&C server will collaborate and share the communication patterns for trace back. To do this, we propose the information sharing using communication pattern monitoring tools with the servers.
Keywords :
Internet; C&C server; botmaster; botnet; communication pattern monitoring tools; information sharing; network communication pattern information; traceback framework; Communities; Computer crime; Malware; Mobile communication; Servers; Ubiquitous computing; Web and internet services; botmaster traceback; botnet;
Conference_Titel :
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2011 Fifth International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-61284-733-7
Electronic_ISBN :
978-0-7695-4372-7
DOI :
10.1109/IMIS.2011.152
