A Survey on Latest Botnet Attack and Defense

Author

Zhang, Lei ; Yu, Shui ; Wu, Di ; Watters, Paul

Author_Institution

Sch. of Inf. Technol., Deakin Univ., Burwood, VIC, Australia

fYear

2011

fDate

16-18 Nov. 2011

Firstpage

53

Lastpage

60

Abstract

A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.

Keywords

Internet; security of data; DDoS attack; DF; FF; botnet attack; botnet defense; compromised computers; cyber attacks; domain fluxing; fast fluxing; fluxing detection methods; information phishing; network attacks; Accuracy; Databases; IP networks; Measurement; Monitoring; Sensors; Servers; Botnet; Domain Fluxing; Fast Fluxing; Survey;

fLanguage

English

Publisher

ieee

Conference_Titel

Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on

Conference_Location

Changsha

Print_ISBN

978-1-4577-2135-9

Type

conf

DOI

10.1109/TrustCom.2011.11

Filename

6120803