CFP last date
20 January 2025
Reseach Article

An Integrated Framework for Malware Collection and Analysis for Botnet Tracking

Published on March 2012 by Rakesh Kumar Sehgal, D. S. Bhilare, Saurabh Chamotra
Communication Security
Foundation of Computer Science USA
COMNETCS - Number 1
March 2012
Authors: Rakesh Kumar Sehgal, D. S. Bhilare, Saurabh Chamotra
16b380f3-201f-4d99-b2d6-ff64008b8db1

Rakesh Kumar Sehgal, D. S. Bhilare, Saurabh Chamotra . An Integrated Framework for Malware Collection and Analysis for Botnet Tracking. Communication Security. COMNETCS, 1 (March 2012), 50-55.

@article{
author = { Rakesh Kumar Sehgal, D. S. Bhilare, Saurabh Chamotra },
title = { An Integrated Framework for Malware Collection and Analysis for Botnet Tracking },
journal = { Communication Security },
issue_date = { March 2012 },
volume = { COMNETCS },
number = { 1 },
month = { March },
year = { 2012 },
issn = 0975-8887,
pages = { 50-55 },
numpages = 6,
url = { /specialissues/comnetcs/number1/5482-1010/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Special Issue Article
%1 Communication Security
%A Rakesh Kumar Sehgal
%A D. S. Bhilare
%A Saurabh Chamotra
%T An Integrated Framework for Malware Collection and Analysis for Botnet Tracking
%J Communication Security
%@ 0975-8887
%V COMNETCS
%N 1
%P 50-55
%D 2012
%I International Journal of Computer Applications
Abstract

The paper presents the design of an integrated malware collection and analysis framework for botnet tracking. In proposed framework we have used Honypots as malware capturing tool. The proposed system design is unique in the sense that the information regarding the configuration of honeypot on which malware sample has been captured is saved with malware sample in the malware data-base. This system configuration information saved with the malware sample is used at the time of dynamic malware analysis for creating malware execution environment. As an execution environment thus created is analogous to environment in which malware was captured therefore it generates true expected execution behavior leading to capturing of accurate execution traces. Further we have demonstrated the effectiveness of the proposed solution with the help of a prototype system.

References
  1. John Levine, Richard LaBella, Henry Owen, Didier Contis, Brian Culver “The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks” School of Electrical and Com puter Engineering
  2. Vinod Yegneswara,Paul Barford,Vern Paxson“Using Honeynets for Internet Situational Awareness”
  3. http://securityresponse.symantec.com/avcenter/
  4. http://www.caida.org/analysis/security/witty/
  5. Cliff Changchun Zou, Lixin Gao, Weibo Gong, Don Towsley “Monitoring and Early Warning for Internet Worms”University of Massachusetts at Amherst
  6. David Moore, Vern Paxson, Colleen Shannon, Stuart Staniford, Nicholas Weaver “The Spread of the Sapphire/Slammer Worm”,2003
  7. Leurre.com: on the Advantages of Deploying a Large Scale Distributed Honeynet Platform
  8. www.viruslist.com/de/viruses/encyclopedia?chapter=152540403
  9. A. W. Jackson, D. Lapsley, C. Jones, M. Zatko, C. Golubitsky, and W. T.Strayer, “SLINGbot: A system for live investigation of next generation botnets,” in Cybersecurity Application and Technologies Conference for Homeland Security (CATCH), Washington, DC, USA, Mar. 2009.
  10. J. Goebel and T. Holz. Rishi: Identify bot contaminated hosts by irc nickname evaluation. In USENIX Workshop on Hot Topics in Understanding Botnets (HotBots’07), 2007.
  11. Reto Baumann and Christian Plattner, “White Paper: Honeynets”, 26 February 2002
  12. J. Yang, P. Ning, X. S. Wang, and S. Jajodia. Cards: A distributed system for detecting coordinated attacks. In SEC, 2000
  13. Iyad Kuwatly, Malek Sraj, Zaid Al Masri, and Hassan Artail. “A Dynamic Honeypot Design for Intrusion Detection” American U. of Beirut
  14. Christopher Hecker, Kara L, Nance, and Brian Hay” Dynamic Honeypot Construction “
  15. X. Jiang and D. Xu. Profiling self-propagating worms via behavioral footprinting. In Proceedings of CCS WORM , 2006
  16. F. Freiling, T. Holz, and G. Wicherski. Botnet tracking: Exploring a root-cause methodology to prevent denial-ofservice attaks. In ESORICS’05.g”
  17. Davide Cavalca and Emanuele Goldoni HIVE:an Open Infrastructure for Malware Collection and Analysis
  18. J. Zhuge, T. Holz, X. Han, C. Song, and W.
  19. Zou. Collecting autonomous spreading malware using high-interaction honeypots. In ICICS 2007, pages 438–451, 2007.
  20. M. Garetto, W. Gong, D. Towsley, “ModelingMalware Spreading Dynamics,” in Proc. of INFOCOM 2003, San Francisco, April, 2003.
  21. Liu, P. W. and Tyan, H. R, “An Adaptive defence mechanism for P2P Botnet.” Unpublished doctoral dissertation, Department of Information and Computer
  22. Saurabh Chamotra, Mr.Rakesh Kumar Sehgal, Dr. Raj Kamal “Honeysand: An Open Source Tools Based Sandbox Environment for Bot Analysis and Botnet tracking”
  23. Hengli Zhao, Ning Zheng, Jian Li, Jingjing Yao, Qiang Hou” Unknown Malware Detection Based on the Full Virtualization and SVM” 2009 International Conference on Management of e-Commerce and e-Government
  24. P. Barford and V. Yegneswaran. An inside look at botnets.In Proc. Special Workshop on Malware Detection, Advancesin Information Security, 2006
  25. Trend Micro. Taxonomy of botnet threats (white paper),November 2006
  26. Saurabh Chamotra, Rakesh Kumar Sehgal Dr. Raj Kamal ,J.S.Bhatia” Data Diversity of a Distributed Honeynet based malware collection system” ,Emerging Trends in Networks and Computer Communications (ETNCC), 2011 International Conference
  27. D. Moore. Network telescopes: Observing small or distant security events. In 11th USENIX Security Symposium, Invited talk, San Francisco, CA, Aug. 5–9 2002. Unpublished
  28. L. Spitzner. “Honeypot Farms”, Infocus, Aug. 2003. http://www.securityfocus.com/infocus/1720.
  29. DShield. Distributed Intrusion Detection System, www.dshield.org, 2007
  30. C. Leita , V.H. Pham , O. Thonnard , E. Ramirez-Silva ,F. Pouget , E. Kirda , M. Dacier , The Leurre.com Project: Collecting Internet Threats Information using a Worldwide Distributed Honeynet 2008 IEEE DOI 10.1109/WISTDE.2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing
  31. Mwcollect http://alliance.mwcollect.org.
  32. Details of NOHA project: http://www.fp6-noah.org/publications/presentations/moeller-tfcsirt17.pdf
  33. Honeynet Project http://www.honeynet.org/
  34. L. Spitzner, Honeypots- Tracking Hackers, Indianapolis, IN: Addison-Wesley, 2003, pp. 242-261
Index Terms

Computer Science
Information Sciences

Keywords

Culture Productivity Social Networks Workplace Malware Hack