Botnet Intelligence Through Infiltration
Status: Ongoing
We are developing techniques and refining our capability to perform
experiments that infiltrate botnets under our control. To this end, we are
developing passive (e.g., decoding the command and control messages and
understanding their effects), active (e.g., responding to status requests),
and adversarial (e.g., sending messages to incur some action) techniques
for botnets.
Our experiments are designed to exercise a range of effective anti-botnet
stratagems, including intelligence gathering on botnet operations, botmaster
attribution, and the countermanding of the entire
command-and-control infrastructure.
Publications
- Insights from the Inside: A View of Botnet Management from
Infiltration. Chia Yuan Cho, Juan Caballero, Chris Grier, Vern
Paxson, Dawn Song. Proceedings of the Workshop on Large-Scale Exploits and
Emergent Threats, April, 2010.
- Inference and Analysis of Formal Models of Botnet Command and Control
Protocols. Chia Yuan Cho, Domagoj Babic, Richard Shin and Dawn Song.
Proceedings of the ACM Conference on Computer and Communications
Security, October, 2010.
- What's Clicking What? Techniques and Innovations of Today's
Clickbots. Brad Miller, Paul Pearce, Chris Grier, Christian Kreibich,
and Vern Paxson. Proceedings of the Conference on Detection of Intrusions
and Malware and Vulnerability Assessment, July, 2011.
- Measuring Pay-per-Install: The Commoditization of Malware Distribution.
Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. Proceedings
of the USENIX Security Symposium, August, 2011.
- Manufacturing Compromise: The Emergence of Exploit-as-a-Service. Chris Grier,
Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko,
Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos,
M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson,
Stefan Savage, Geoffrey M. Voelker. Proceedings of the ACM Conference on Computer
and Communications Security (CCS), October 2012.
Project members
Collaboration with