• DocumentCode
    2779266
  • Title

    The Dorothy Project: An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization

  • Author

    Cremonini, Marco ; Riccardi, Marco

  • Author_Institution
    Dept. of Inf. Technol., Univ. of Milan, Milan, Italy
  • fYear
    2009
  • fDate
    9-10 Nov. 2009
  • Firstpage
    52
  • Lastpage
    54
  • Abstract
    Botnets, networks of compromised machines remotely controlled and instructed to work in a coordinated fashion, have had an epidemic diffusion over the Internet and represent one of today's most insidious threats. In this paper, we present an open framework called Dorothy that makes it possible to monitor the activity of a botnet. We propose to characterize a botnet's behavior through a set of parameters and a graphical representation. In a case study, we infiltrated and monitored a botnet named siwa, collecting information about its functional structure, geographical distribution, communication mechanisms, command language and operations.
  • Keywords
    data analysis; data visualisation; security of data; Dorothy project; activity visualization; automatic tracking; command language; command operations; communication mechanisms; functional structure; geographical distribution; graphical representation; open botnet analysis; siwa botnet; Automatic control; Command languages; Communication system control; Computer networks; Computerized monitoring; IP networks; Information analysis; Information technology; Remote monitoring; Visualization; botnet; security; security visualization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Network Defense (EC2ND), 2009 European Conference on
  • Conference_Location
    Milan
  • Print_ISBN
    978-1-4244-6049-6
  • Type

    conf

  • DOI
    10.1109/EC2ND.2009.15
  • Filename
    5494324