Framework for botnet emulation and analysis

dc.contributor.author Lee, Christopher Patrick en_US
dc.date.accessioned 2009-06-08T19:22:00Z
dc.date.available 2009-06-08T19:22:00Z
dc.date.issued 2009-03-12 en_US
dc.identifier.uri http://hdl.handle.net/1853/28191
dc.description.abstract Criminals use the anonymity and pervasiveness of the Internet to commit fraud, extortion, and theft. Botnets are used as the primary tool for this criminal activity. Botnets allow criminals to accumulate and covertly control multiple Internet-connected computers. They use this network of controlled computers to flood networks with traffic from multiple sources, send spam, spread infection, spy on users, commit click fraud, run adware, and host phishing sites. This presents serious privacy risks and financial burdens to businesses and individuals. Furthermore, all indicators show that the problem is worsening because the research and development cycle of the criminal industry is faster than that of security research. To enable researchers to measure botnet connection models and counter-measures, a flexible, rapidly augmentable framework for creating test botnets is provided. This botnet framework, written in the Ruby language, enables researchers to run a botnet on a closed network and to rapidly implement new communication, spreading, control, and attack mechanisms for study. This is a significant improvement over augmenting C++ code-bases for the most popular botnets, Agobot and SDBot. Rubot allows researchers to implement new threats and their corresponding defenses before the criminal industry can. The Rubot experiment framework includes models for some of the latest trends in botnet operation such as peer-to-peer based control, fast-flux DNS, and periodic updates. Our approach implements the key network features from existing botnets and provides the required infrastructure to run the botnet in a closed environment. en_US
dc.publisher Georgia Institute of Technology en_US
dc.subject Simulation en_US
dc.subject Simulators en_US
dc.subject Emulation en_US
dc.subject Spam en_US
dc.subject DDoS en_US
dc.subject Information security en_US
dc.subject Botnets en_US
dc.subject Network security en_US
dc.subject.lcsh Computer networks Security measures
dc.subject.lcsh Computer crimes
dc.title Framework for botnet emulation and analysis en_US
dc.type Dissertation en_US
dc.description.degree Ph.D. en_US
dc.contributor.department Electrical and Computer Engineering en_US
dc.description.advisor Committee Chair: Copeland, John; Committee Member: Durgin, Gregory; Committee Member: Goodman, Seymour; Committee Member: Owen, Henry; Committee Member: Riley, George en_US


Files in this item

Files Size Format
lee_christopher_p_200905_phd.pdf 1.614Mb PDF
