Understanding DNS-based criminal infrastructure for informing takedowns

Botnets are a pervasive threat to the Internet and its inhabitants. A botnet is a collection of infected machines that receive commands from the botmaster, a person, group or nation-state, to perform malicious actions. Instead of “cleaning” individual infections, one can sever the method of communication between a botmaster and her zombies by attempting a botnet takedown, which contains the botnet and its malicious actions.

Unfortunately, takedowns are currently performed without technical rigor, and there are no automated and independent means to measure their success or to assist in performing them. This dissertation focuses on understanding the criminal infrastructure that enables communication between a botmaster and her zombies, in order to measure attempts at, and to perform, successful takedowns. We show that by interrogating malware and performing large-scale analysis of passively collected network data, we can measure whether a past botnet takedown was successful and use the same techniques to perform more comprehensive takedowns in the future.

Identifier: oai:union.ndltd.org:GATECH/oai:smartech.gatech.edu:1853/54335
Date: 07 January 2016
Creators: Nadji, Yacin Ibrahim
Contributors: Lee, Wenke; Antonakakis, Manos
Publisher: Georgia Institute of Technology
Source Sets: Georgia Tech Electronic Thesis and Dissertation Archive
Language: en_US
Detected Language: English
Type: Dissertation
Format: application/pdf