Botnets are one of the most serious security threats to the Internet and its end users. A botnet consists of compromised computers that are remotely coordinated by a botmaster under a Command and Control (C&C) infrastructure. Driven by financial incentives, botmasters leverage botnets to conduct various cybercrimes such as spamming, phishing, identity theft and Distributed Denial-of-Service (DDoS) attacks.

There are three main challenges facing botnet detection. First, code obfuscation is widely employed by current botnets, so signature-based detection is insufficient. Second, the C&C infrastructure of botnets has evolved rapidly, and any detection solution targeting one botnet instance can hardly keep up with this change. Third, the proliferation of powerful smartphones presents a new platform for future botnets; defense techniques designed for existing botnets may be outsmarted when botnets invade smartphones.

Recognizing these challenges, this dissertation proposes behavior-based botnet detection solutions at three different levels---the end host, the edge network and the Internet infrastructure---from a small scale to a large scale, and investigates the next-generation botnet targeting smartphones. It (1) addresses the problem of botnet seeding by devising a per-process containment scheme for end-host systems; (2) proposes a hybrid botnet detection framework for edge networks utilizing combined host- and network-level information; (3) explores the structural properties of botnet topologies and measures network components' capabilities for large-scale botnet detection at the Internet infrastructure level; and (4) presents a proof-of-concept mobile botnet employing SMS messages as the C&C channel and P2P as the topology, to facilitate future research on countermeasures against next-generation botnets.

The dissertation makes three primary contributions. First, the proposed detection solutions utilize the intrinsic and fundamental behavior of botnets and are immune to malware obfuscation and traffic encryption. Second, the solutions are general enough to identify different types of botnets rather than a specific botnet instance, and they can be extended to counter next-generation botnet threats. Third, the detection solutions function at multiple levels to meet various detection needs. They each take a different perspective but are highly complementary to each other, forming an integrated botnet detection framework.
On Detection of Current and Next-Generation Botnets.