Botnets are a pervasive threat to the Internet and its inhabitants. A botnet is a collection of infected machines that receive commands from the botmaster (a person, group or nation-state) to perform malicious actions. Instead of "cleaning" individual infections, one can sever the channel of communication between a botmaster and her zombies by attempting a botnet takedown, which contains the botnet and its malicious actions.

Unfortunately, takedowns are currently performed without technical rigor, and there are no automated, independent means to measure their success or to assist in performing them. This dissertation focuses on understanding the criminal infrastructure that enables communication between a botmaster and her zombies, in order to measure past takedown attempts and to perform successful takedowns. We show that by interrogating malware and performing large-scale analysis of passively collected network data, we can measure whether a past botnet takedown was successful, and can use the same techniques to perform more comprehensive takedowns in the future.
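As an added illustration of the measurement idea in the abstract (this is example code, not code from the dissertation), the following Python script takes a takedown's list of claimed C&C domains, the sinkhole address range they were supposed to be redirected to, and a set of passive DNS observations, and classifies each claimed domain after the takedown date as sinkholed, unresolved, or escaped (still resolving to non-sinkhole infrastructure). It also flags domains the takedown did not name but that resolve, after the takedown, to addresses the claimed domains used beforehand, which is one way of finding infrastructure a more comprehensive takedown would need to cover. The domain names, addresses, timestamps and the notion of "shared pre-takedown infrastructure" are all constructed assumptions for the example.

```python
"""Assess a botnet takedown from passive DNS records (added example).

Assumptions, not taken from the dissertation:
  * a takedown names the C&C domains it claims to sever and the sinkhole
    range those domains were redirected to;
  * passive DNS provides (timestamp, qname, rdata) tuples observed at resolvers;
  * a claimed domain counts as contained after the takedown if every
    post-takedown A record points into the sinkhole range, or if it no longer
    resolves at all; otherwise it "escaped".
"""
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# --- constructed sample data (documentation ranges, not real observations) ---
SINKHOLES = [ip_network("192.0.2.0/24")]         # stands in for the sinkhole range
TAKEDOWN = datetime(2024, 3, 1, tzinfo=timezone.utc)
CLAIMED = {"cc1.example", "cc2.example", "cc3.example"}

PASSIVE_DNS = [
    # (timestamp, qname, rdata)
    ("2024-02-20T00:00:00Z", "cc1.example", "203.0.113.10"),
    ("2024-03-05T00:00:00Z", "cc1.example", "192.0.2.5"),     # redirected to sinkhole
    ("2024-02-21T00:00:00Z", "cc2.example", "203.0.113.11"),
    ("2024-03-06T00:00:00Z", "cc2.example", "192.0.2.5"),
    ("2024-03-09T00:00:00Z", "cc2.example", "198.51.100.7"),  # botmaster regained control
    ("2024-02-25T00:00:00Z", "cc3.example", "203.0.113.12"),
    # cc3.example has no post-takedown records: it simply stopped resolving
    ("2024-03-10T00:00:00Z", "cc4.example", "203.0.113.10"),  # not named, same infra as cc1
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess_takedown(records, claimed, takedown, sinkholes):
    """Return per-domain status, domains the takedown missed, and the
    fraction of claimed domains that were actually contained."""
    pre, post = defaultdict(set), defaultdict(set)
    for ts, qname, rdata in records:
        (pre if parse_ts(ts) < takedown else post)[qname].add(rdata)

    def sinkholed(ip):
        return any(ip_address(ip) in net for net in sinkholes)

    status = {}
    for d in sorted(claimed):
        ips = post.get(d, set())
        if not ips:
            status[d] = "unresolved"
        elif all(sinkholed(ip) for ip in ips):
            status[d] = "sinkholed"
        else:
            status[d] = "escaped"

    # Non-sinkhole addresses the claimed domains resolved to before the takedown.
    shared = set()
    for d in claimed:
        shared |= pre.get(d, set())
    shared = {ip for ip in shared if not sinkholed(ip)}

    # Domains not in the takedown that still point at that infrastructure afterwards.
    missed = sorted(q for q, ips in post.items() if q not in claimed and ips & shared)

    contained = sum(s != "escaped" for s in status.values()) / len(claimed)
    return {"status": status, "missed": missed, "contained": contained}


if __name__ == "__main__":
    result = assess_takedown(PASSIVE_DNS, CLAIMED, TAKEDOWN, SINKHOLES)
    for domain, st in result["status"].items():
        print(f"{domain:14s} {st}")
    print("missed by takedown:", result["missed"])
    print(f"contained: {result['contained']:.0%}")
```

On the constructed data, cc1.example is sinkholed and cc3.example stopped resolving, but cc2.example escaped (a post-takedown record points outside the sinkhole range), and cc4.example, which the takedown never named, still resolves to an address cc1.example used beforehand. Real passive DNS additionally needs handling of TTL churn, CNAME chains and resolver-level caching, which the example deliberately omits.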
Understanding DNS-based criminal infrastructure for informing takedowns