Botnets: Lifecycle and taxonomy

Nabil Hachem; Yosra Ben Mustapha; Gustavo Gonzalez Granadillo; Herve Debar

doi:10.1109/SAR-SSI.2011.5931395

Botnets: Lifecycle and taxonomy

Nabil Hachem
, Yosra Ben Mustapha
, Gustavo Gonzalez Granadillo
, Herve Debar

CNRS UMR 5157 SAMOVAR

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The new threat of the Internet, but little known to the 'general public' is constituted by botnets. Botnets are networks of infected computers, which are headed by a pirate called also 'Attacker' or 'Master'. The botnets are nowadays mainly responsible for large-scale coordinated attacks. The attacker can ask the infected computers called 'Agents' or 'Zombies' to perform all sorts of tasks for him, like sending spam, performing DDoS attacks, phishing campaigns, delivering malware, or leasing or selling their botnets to other fraudsters anywhere. In this paper we present a classification that reflects the life cycle and current resilience techniques of botnets, distinguishing the propagation, the injection, the control and the attack phases. Then we study the effectiveness of the adopted taxonomy by applying it to existing botnets to study their main characteristics. We conclude by the upcoming steps in our research.

Original language	English
Title of host publication	2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings
DOIs	https://doi.org/10.1109/SAR-SSI.2011.5931395
Publication status	Published - 1 Aug 2011
Externally published	Yes
Event	2011 Conference on Network and Information Systems Security, SAR-SSI 2011 - Ile de Re, La Rochelle, France Duration: 18 May 2011 → 21 May 2011

Publication series

Name	2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings

Conference

Conference	2011 Conference on Network and Information Systems Security, SAR-SSI 2011
Country/Territory	France
City	Ile de Re, La Rochelle
Period	18/05/11 → 21/05/11

Access to Document

10.1109/SAR-SSI.2011.5931395

Cite this

@inproceedings{8e0d4409631b41ceae976168c5ca085c,

title = "Botnets: Lifecycle and taxonomy",

abstract = "The new threat of the Internet, but little known to the 'general public' is constituted by botnets. Botnets are networks of infected computers, which are headed by a pirate called also 'Attacker' or 'Master'. The botnets are nowadays mainly responsible for large-scale coordinated attacks. The attacker can ask the infected computers called 'Agents' or 'Zombies' to perform all sorts of tasks for him, like sending spam, performing DDoS attacks, phishing campaigns, delivering malware, or leasing or selling their botnets to other fraudsters anywhere. In this paper we present a classification that reflects the life cycle and current resilience techniques of botnets, distinguishing the propagation, the injection, the control and the attack phases. Then we study the effectiveness of the adopted taxonomy by applying it to existing botnets to study their main characteristics. We conclude by the upcoming steps in our research.",

author = "Nabil Hachem and \{Ben Mustapha\}, Yosra and Granadillo, \{Gustavo Gonzalez\} and Herve Debar",

year = "2011",

month = aug,

day = "1",

doi = "10.1109/SAR-SSI.2011.5931395",

language = "English",

isbn = "9781457707377",

series = "2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings",

booktitle = "2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings",

note = "2011 Conference on Network and Information Systems Security, SAR-SSI 2011 ; Conference date: 18-05-2011 Through 21-05-2011",

}

Hachem, N, Ben Mustapha, Y, Granadillo, GG & Debar, H 2011, Botnets: Lifecycle and taxonomy. in 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings., 5931395, 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings, 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Ile de Re, La Rochelle, France, 18/05/11. https://doi.org/10.1109/SAR-SSI.2011.5931395

Botnets: Lifecycle and taxonomy. / Hachem, Nabil; Ben Mustapha, Yosra; Granadillo, Gustavo Gonzalez et al.
2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings. 2011. 5931395 (2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Botnets

T2 - 2011 Conference on Network and Information Systems Security, SAR-SSI 2011

AU - Hachem, Nabil

AU - Ben Mustapha, Yosra

AU - Granadillo, Gustavo Gonzalez

AU - Debar, Herve

PY - 2011/8/1

Y1 - 2011/8/1

N2 - The new threat of the Internet, but little known to the 'general public' is constituted by botnets. Botnets are networks of infected computers, which are headed by a pirate called also 'Attacker' or 'Master'. The botnets are nowadays mainly responsible for large-scale coordinated attacks. The attacker can ask the infected computers called 'Agents' or 'Zombies' to perform all sorts of tasks for him, like sending spam, performing DDoS attacks, phishing campaigns, delivering malware, or leasing or selling their botnets to other fraudsters anywhere. In this paper we present a classification that reflects the life cycle and current resilience techniques of botnets, distinguishing the propagation, the injection, the control and the attack phases. Then we study the effectiveness of the adopted taxonomy by applying it to existing botnets to study their main characteristics. We conclude by the upcoming steps in our research.

AB - The new threat of the Internet, but little known to the 'general public' is constituted by botnets. Botnets are networks of infected computers, which are headed by a pirate called also 'Attacker' or 'Master'. The botnets are nowadays mainly responsible for large-scale coordinated attacks. The attacker can ask the infected computers called 'Agents' or 'Zombies' to perform all sorts of tasks for him, like sending spam, performing DDoS attacks, phishing campaigns, delivering malware, or leasing or selling their botnets to other fraudsters anywhere. In this paper we present a classification that reflects the life cycle and current resilience techniques of botnets, distinguishing the propagation, the injection, the control and the attack phases. Then we study the effectiveness of the adopted taxonomy by applying it to existing botnets to study their main characteristics. We conclude by the upcoming steps in our research.

U2 - 10.1109/SAR-SSI.2011.5931395

DO - 10.1109/SAR-SSI.2011.5931395

M3 - Conference contribution

AN - SCOPUS:79960771968

SN - 9781457707377

T3 - 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings

BT - 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings

Y2 - 18 May 2011 through 21 May 2011

ER -

Botnets: Lifecycle and taxonomy

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this