MasterBlaster: Identifying influential players in botnet transactions

Napoleon C. Paxton; Gail-Joon Ahn; Mohamed Shehab

doi:10.1109/COMPSAC.2011.61

MasterBlaster: Identifying influential players in botnet transactions

Napoleon C. Paxton, Gail-Joon Ahn, Mohamed Shehab

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

Botnets continue to be a critical tool for hackers in exploiting vulnerabilities of systems and destructing computer networks. Botnet monitoring is a method used to study and identify malicious capabilities of a botnet, but current botnet monitoring projects mainly identify the magnitude of the botnet problem and tend to overt some fundamental problems, such as the diversified sources of the attacks. Most malicious botnets have the ability to be rented out to a broad range of potential customers, allowing each customer to launch different attacks from the other. Consequently, under the control of multiple botmasters, various attacks and transactions at different times attempt to damage networked infrastructures. In this paper we propose a multi-layered analysis system called MasterBlaster which identifies the communication characteristics of a botmaster in botnet transactions and correlates those characteristics with evolutionary changes within botnet communication channels. Our results show the level of involvement of the monitored botmasters within a botnet as well as their general motives. Our system clearly indicates that the investigation of each botmaster and analysis of botmaster interactions are essential to cope with net-centric attacks caused by botnets.

Original language	English (US)
Title of host publication	Proceedings - 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011
Pages	413-419
Number of pages	7
DOIs	https://doi.org/10.1109/COMPSAC.2011.61
State	Published - 2011
Event	35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011 - Munich, Germany Duration: Jul 18 2011 → Jul 21 2011

Publication series

Name	Proceedings - International Computer Software and Applications Conference
ISSN (Print)	0730-3157

Other

Other	35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011
Country/Territory	Germany
City	Munich
Period	7/18/11 → 7/21/11

Keywords

Attribution
Botnet
Botnet analysis
Botnet monitoring

ASJC Scopus subject areas

Software
Computer Science Applications

Access to Document

10.1109/COMPSAC.2011.61

Cite this

Paxton, N. C., Ahn, G.-J., & Shehab, M. (2011). MasterBlaster: Identifying influential players in botnet transactions. In Proceedings - 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011 (pp. 413-419). Article 6032373 (Proceedings - International Computer Software and Applications Conference). https://doi.org/10.1109/COMPSAC.2011.61

MasterBlaster: Identifying influential players in botnet transactions. / Paxton, Napoleon C.; Ahn, Gail-Joon; Shehab, Mohamed.
Proceedings - 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011. 2011. p. 413-419 6032373 (Proceedings - International Computer Software and Applications Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Paxton, NC, Ahn, G-J & Shehab, M 2011, MasterBlaster: Identifying influential players in botnet transactions. in Proceedings - 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011., 6032373, Proceedings - International Computer Software and Applications Conference, pp. 413-419, 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011, Munich, Germany, 7/18/11. https://doi.org/10.1109/COMPSAC.2011.61

@inproceedings{6998990e044c4eb1bc9f746779146794,

title = "MasterBlaster: Identifying influential players in botnet transactions",

abstract = "Botnets continue to be a critical tool for hackers in exploiting vulnerabilities of systems and destructing computer networks. Botnet monitoring is a method used to study and identify malicious capabilities of a botnet, but current botnet monitoring projects mainly identify the magnitude of the botnet problem and tend to overt some fundamental problems, such as the diversified sources of the attacks. Most malicious botnets have the ability to be rented out to a broad range of potential customers, allowing each customer to launch different attacks from the other. Consequently, under the control of multiple botmasters, various attacks and transactions at different times attempt to damage networked infrastructures. In this paper we propose a multi-layered analysis system called MasterBlaster which identifies the communication characteristics of a botmaster in botnet transactions and correlates those characteristics with evolutionary changes within botnet communication channels. Our results show the level of involvement of the monitored botmasters within a botnet as well as their general motives. Our system clearly indicates that the investigation of each botmaster and analysis of botmaster interactions are essential to cope with net-centric attacks caused by botnets.",

keywords = "Attribution, Botnet, Botnet analysis, Botnet monitoring",

author = "Paxton, {Napoleon C.} and Gail-Joon Ahn and Mohamed Shehab",

year = "2011",

doi = "10.1109/COMPSAC.2011.61",

language = "English (US)",

isbn = "9780769544397",

series = "Proceedings - International Computer Software and Applications Conference",

pages = "413--419",

booktitle = "Proceedings - 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011",

note = "35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011 ; Conference date: 18-07-2011 Through 21-07-2011",

}

TY - GEN

T1 - MasterBlaster

T2 - 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011

AU - Paxton, Napoleon C.

AU - Ahn, Gail-Joon

AU - Shehab, Mohamed

PY - 2011

Y1 - 2011

N2 - Botnets continue to be a critical tool for hackers in exploiting vulnerabilities of systems and destructing computer networks. Botnet monitoring is a method used to study and identify malicious capabilities of a botnet, but current botnet monitoring projects mainly identify the magnitude of the botnet problem and tend to overt some fundamental problems, such as the diversified sources of the attacks. Most malicious botnets have the ability to be rented out to a broad range of potential customers, allowing each customer to launch different attacks from the other. Consequently, under the control of multiple botmasters, various attacks and transactions at different times attempt to damage networked infrastructures. In this paper we propose a multi-layered analysis system called MasterBlaster which identifies the communication characteristics of a botmaster in botnet transactions and correlates those characteristics with evolutionary changes within botnet communication channels. Our results show the level of involvement of the monitored botmasters within a botnet as well as their general motives. Our system clearly indicates that the investigation of each botmaster and analysis of botmaster interactions are essential to cope with net-centric attacks caused by botnets.

AB - Botnets continue to be a critical tool for hackers in exploiting vulnerabilities of systems and destructing computer networks. Botnet monitoring is a method used to study and identify malicious capabilities of a botnet, but current botnet monitoring projects mainly identify the magnitude of the botnet problem and tend to overt some fundamental problems, such as the diversified sources of the attacks. Most malicious botnets have the ability to be rented out to a broad range of potential customers, allowing each customer to launch different attacks from the other. Consequently, under the control of multiple botmasters, various attacks and transactions at different times attempt to damage networked infrastructures. In this paper we propose a multi-layered analysis system called MasterBlaster which identifies the communication characteristics of a botmaster in botnet transactions and correlates those characteristics with evolutionary changes within botnet communication channels. Our results show the level of involvement of the monitored botmasters within a botnet as well as their general motives. Our system clearly indicates that the investigation of each botmaster and analysis of botmaster interactions are essential to cope with net-centric attacks caused by botnets.

KW - Attribution

KW - Botnet

KW - Botnet analysis

KW - Botnet monitoring

UR - http://www.scopus.com/inward/record.url?scp=80054979890&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80054979890&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2011.61

DO - 10.1109/COMPSAC.2011.61

M3 - Conference contribution

AN - SCOPUS:80054979890

SN - 9780769544397

T3 - Proceedings - International Computer Software and Applications Conference

SP - 413

EP - 419

BT - Proceedings - 35th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2011

Y2 - 18 July 2011 through 21 July 2011

ER -

MasterBlaster: Identifying influential players in botnet transactions

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this