DeepAI AI Chat
Log In Sign Up

Mining Function Homology of Bot Loaders from Honeypot Logs

06/01/2022
by   Yuhui Zhu, et al.
0

Self-contained loaders are widely adopted in botnets for injecting loading commands and spawning new bots. While researchers can dissect bot clients to get various information of botnets, the cloud-based and self-contained design of loaders effectively hinders researchers from understanding the loaders' evolution and variation using classic methods. The decoupled nature of bot loaders also dramatically reduces the feasibility of investigating relationships among clients and infrastructures. In this paper, we propose a text-based method to investigate and analyze details of bot loaders using honeypots. We leverage high interaction honeypots to collect request logs and define eight families of bot loaders based on the result of agglomerative clustering. At the function level, we push our study further to explore their homological relationship based on similarity analysis of request logs using sequence aligning techniques. This further exploration discloses that the released code of Mirai keeps spawning new generations of botnets both on the client and the server side. This paper uncovers the homology of active botnet infrastructures, providing a new prospect on finding covert relationships among cybercrimes. Bot loaders are precisely investigated at the function level to yield a new insight for researchers to identify the botnet's infrastructures and track their evolution over time.

READ FULL TEXT
04/14/2019

Secure Consistency Verification for Untrusted Cloud Storage by Public Blockchains

This work presents ContractChecker, a Blockchain-based security protocol...
03/19/2020

FAURAS: A Proxy-based Framework for Ensuring the Fairness of Adaptive Video Streaming over HTTP/2 Server Push

HTTP/2 video streaming has caught a lot of attentions in the development...
12/01/2018

Anomaly Detection for Network Connection Logs

We leverage a streaming architecture based on ELK, Spark and Hadoop in o...
11/27/2022

Devils in the Clouds: An Evolutionary Study of Telnet Bot Loaders

One of the innovations brought by Mirai and its derived malware is the a...
01/08/2020

Comparing Constraints Mined From Execution Logs to Understand Software Evolution

Complex software systems evolve frequently, e.g., when introducing new f...
07/20/2018

TCP SYN Cookie Vulnerability

TCP SYN Cookies were implemented to mitigate against DoS attacks. It ens...