Title :
The Automatic Discovery, Identification and Measurement of Botnets
Author :
Castle, Ian ; Buckley, Eimear
Author_Institution :
ECSC Ltd., Bradford
Abstract :
The majority of virus, spam and malicious emails are sent through the use of a network of compromised computers, or botnet. The early discovery and identification of the botnet is an important aspect in the understanding of, and the development of responses to, new threats aimed at email systems and their users. In this paper we present a novel technique for the automatic identification, analysis and measurement of botnets used to deliver malicious email. The paper also describes a reference implementation of a system developed to demonstrate these techniques. This system has been deployed in a live environment, and has been shown to be highly effective in use. Practical applications for the use of the techniques developed, including improved anti-spam and anti-virus systems, are presented.
Keywords :
computer viruses; software agents; unsolicited e-mail; anti-spam systems; anti-virus systems; botnets discovery; malicious emails; Bandwidth; Computer networks; Computer security; Information security; Internet; Payloads; Real time systems; Relays; Software performance; Uniform resource locators; botnet; discovery; identification system; malicious email;
Conference_Title :
Emerging Security Information, Systems and Technologies, 2008. SECURWARE '08. Second International Conference on
Conference_Location :
Cap Esterel
Print_ISBN :
978-0-7695-3329-2
Electronic_ISBN :
978-0-7695-3329-2
DOI :
10.1109/SECURWARE.2008.44