Revealing Botnets Using Network Traffic Statistics

• Authors: ČELEDA Pavel; KREJČÍ Radek; KRMÍČEK Vojtěch
• Year of publication: 2011
• Type: Article in Proceedings
• Conference: Security and Protection of Information 2011
• MU Faculty or unit: Institute of Computer Science
• Field: Informatics
• Keywords: PSYB0T; Chuck Norris botnet; Kaiten; Hydra; malware; botnet; NetFlow
• Description: This paper, based on real world malware observations, presents a state-of-the-art overview of Unix-like embedded malware. We describe botnets using network connected embedded devices (ADSL modems, WiFi routers, etc.) for illicit activities. There does not exist suitable security solution (anti-virus or anti-malware) for these devices. We propose an approach using network traffic statistics to reveal Unix-like embedded malware and its activities.

Related projects

• CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment