Abstract
A botnet is group of compromised computers that are controlled by a botmaster, who uses them to perform illegal activities. Centralized and P2P (Peer-to-Peer) botnets are the most commonly used botnet types. Honeypots have been used in many systems as computer defense. They are used to attract botmasters to add them in their botnets; to become spies in exposing botnet attacker behaviors. In recent research works, improved mechanisms for honeypot detection have been proposed. Such mechanisms would enable bot masters to distinguish honeypots from real bots, making it more difficult for honeypots to join botnets. This paper presents a new method that can be used by security defenders to overcome the authentication procedure used by the advanced two-stage reconnaissance worm (ATSRW). The presented method utilizes the peer list information sent by an infected host during the ATSRW authentication process and uses a combination of IP address spoofing and fake TCP three-way handshake. The paper provides an analytical study on the performance and the success probability of the presented method. We show that the presented method provide a higher chance for honeypots to join botnets despite security measures taken by botmasters.
Original language | English |
---|---|
Title of host publication | ICETECH 2015 - 2015 IEEE International Conference on Engineering and Technology |
Place of Publication | United States |
Publisher | IEEE, Institute of Electrical and Electronics Engineers |
Pages | 1-7 |
Number of pages | 7 |
ISBN (Electronic) | 9781479918546 |
DOIs | |
Publication status | Published - 23 Sept 2015 |
Event | IEEE International Conference on Engineering and Technology, ICETECH 2015 - Rathinam Technical Campus, Coimbatore, India Duration: 20 Mar 2015 → 20 Mar 2015 https://web.archive.org/web/20150312164419/http://www.icetech.rathinamcollege.com/home/ |
Publication series
Name | ICETECH 2015 - 2015 IEEE International Conference on Engineering and Technology |
---|
Conference
Conference | IEEE International Conference on Engineering and Technology, ICETECH 2015 |
---|---|
Country/Territory | India |
City | Coimbatore |
Period | 20/03/15 → 20/03/15 |
Internet address |