Title :
The Dorothy Project: An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization
Author :
Cremonini, Marco ; Riccardi, Marco
Author_Institution :
Dept. of Inf. Technol., Univ. of Milan, Milan, Italy
Abstract :
Botnets, networks of compromised machines remotely controlled and instructed to work in a coordinated fashion, have had an epidemic diffusion over the Internet and represent one of today's most insidious threats. In this paper, we present an open framework called Dorothy that makes it possible to monitor the activity of a botnet. We propose to characterize a botnet's behavior through a set of parameters and a graphical representation. In a case study, we infiltrated and monitored a botnet named siwa, collecting information about its functional structure, geographical distribution, communication mechanisms, command language and operations.
Keywords :
data analysis; data visualisation; security of data; Dorothy project; activity visualization; automatic tracking; command language; command operations; communication mechanisms; functional structure; geographical distribution; graphical representation; open botnet analysis; siwa botnet; Automatic control; Command languages; Communication system control; Computer networks; Computerized monitoring; IP networks; Information analysis; Information technology; Remote monitoring; Visualization; botnet; security; security visualization;
Conference_Title :
Computer Network Defense (EC2ND), 2009 European Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4244-6049-6
DOI :
10.1109/EC2ND.2009.15