Detection of botnets before activation: an enhanced honeypot system for intentional infection and behavioral observation of malware
- Authors
- Moon, Young Hoon; Kim, Eunjin; Hur, Suh Mahn; Kim, Huy Kang
- Issue Date
- October 2012
- Publisher
- WILEY-BLACKWELL
- Keywords
- botnet detection; malware; honeynets; intentional infection; behavioral analysis
- Citation
- SECURITY AND COMMUNICATION NETWORKS, v.5, no.10, pp.1094 - 1101
- Indexed
- SCIE; SCOPUS
- Journal Title
- SECURITY AND COMMUNICATION NETWORKS
- Volume
- 5
- Number
- 10
- Start Page
- 1094
- End Page
- 1101
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/107378
- DOI
- 10.1002/sec.431
- ISSN
- 1939-0114
- Abstract
- As botnets have become the primary means for cyber attacks, how to detect botnets becomes an important issue for researchers and practitioners. In this study, we introduce a system that is designed to detect botnets prior to their activation. Pre-detection of botnets becomes available with our enhanced honeypot system that allows us to intentionally infect virtual machines in honeynets. For empirical testing, we applied our system to a major Internet service provider in Korea. After running our proposed system for 12 months, it was found that nearly 40% of blacklisted botnets were pre-detected by our system before their attacks begin. We expect that our system can be used to detect command-and-control servers and to screen them out during their propagation stage before they make harmful attacks. Copyright (c) 2012 John Wiley & Sons, Ltd.
- Files in This Item
- There are no files associated with this item.
- Appears in Collections
- School of Cyber Security > Department of Information Security > 1. Journal Articles