Botnet Intelligence Through Infiltration

Status: Ongoing

We are developing techniques and refining our capability to perform experiments that infiltrate botnets under our control. To this we are developing passive (e.g., decoding the command and control messages and understanding their effects), active (e.g., responding to status requests), and adversarial (e.g., sending messages to incur some action) techniques for botnets.

Our experiments are designed to exercise a range of effective antibotnet stratagems including intelligence gathering on botnet operations, botmaster attribution, and the countermanding of the entire command-and-control infrastructure.

Publications

• Insights from the Inside: A View of Botnet Management from Infiltration. Chia Yuan Cho, Juan Caballero, Chris Grier, Vern Paxson, Dawn Song. Proceedings of the Workshop on Large-Scale Exploits and Emergent Threats, April, 2010. [pdf]
• Inference and Analysis of Formal Models of Botnet Command and Control Protocols. Chia Yuan Cho, Domagoj Babic, Richard Shin and Dawn Song. Proceedings of the ACM Conference on Computer and Communication Security, October, 2010. [pdf]
• What's Clicking What? Techniques and Innovations of Today's Clickbots. Brad Miller, Paul Pearce, Chris Grier, Christian Kreibich, and Vern Paxson. Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment, July, 2011.
• Measuring Pay-per-Install: The Commoditization of Malware Distribution. Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. Proceedings of the USENIX Security Symposium, August, 2011.
• Manufacturing Compromise: The Emergence of Exploit-as-a-Service. Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker. Proceedings of the ACM Conference on Computer and Communications Security (CCS), October 2012.

Project members

• Chia Yuan Cho
• Domagoj Babic
• Chris Grier
• Brad Miller
• Vern Paxson
• Paul Pearce
• Dawn Song

Collaboration with

• Juan Caballero (Alumi, now at IMDEA Software, Madrid, Spain).