As the major role of Internet Service Providers shifts from caring for their legitimate x-DSL subscribers and enterprise leased-line users to protecting them from outside attacks, botnet detection is currently a hot issue in the telecommunications industry. In this paper, we introduce efficient botnet pre-detection methods that use Honeynets with intended forceful infections based on multiple different channel sources. We applied our methods to a major Internet Service Provider in Korea, making use of multiple channel sources: payloads from Spam Cut services, Intrusion Detection Systems, and abuse emails. With our proposed method, we can detect 40% of real C&C server IPs and URLs before they are publicly proven to be malicious sites. We could also find the C&C servers before they caused many victims during their propagation periods and, eventually, we will be able to shut them down proactively. © 2011 Springer-Verlag.
CITATION STYLE
Moon, Y. H., & Kim, H. K. (2011). Proactive detection of botnets with intended forceful infections from multiple malware collecting channels. In Communications in Computer and Information Science (Vol. 184 CCIS, pp. 29–36). https://doi.org/10.1007/978-3-642-22333-4_4