TY - GEN
T1 - Examining social dynamics for countering botnet attacks
AU - Zhao, Ziming
AU - Ahn, Gail-Joon
AU - Hu, Hongxin
PY - 2011
Y1 - 2011
AB - Even though promising results have been obtained from existing research on bots and associated command and control channels, there is little research exploring how bots are created and distributed by adversaries. Consequently, innovative methods that help determine the linkage between the rogue programs and adversaries are imperative for mitigating and combating botnet attacks. A recent study discovers that rogue programs are sold in black markets in online social networks and that adversaries use online social networks to coordinate attacks. Correlation of botnet attacks and activities in online underground social networks is crucial to tactically cope with net-centric threats. In this paper, we take the first step toward adversarial behavior identification by modeling social dynamics of underground adversarial communities and tracing the origin of certain malware and attack events in underground communities. We also describe our evaluation to demonstrate the effectiveness of our approach.
UR - http://www.scopus.com/inward/record.url?scp=84857211781&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84857211781&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2011.6134468
DO - 10.1109/GLOCOM.2011.6134468
M3 - Conference contribution
AN - SCOPUS:84857211781
SN - 9781424492688
T3 - GLOBECOM - IEEE Global Telecommunications Conference
BT - 2011 IEEE Global Telecommunications Conference, GLOBECOM 2011
T2 - 54th Annual IEEE Global Telecommunications Conference: "Energizing Global Communications", GLOBECOM 2011
Y2 - 5 December 2011 through 9 December 2011
ER -