Realization of comprehensive Botnet inquisitive actions

Abstract

Today's attack landscape is dominated by botnets. A botnet is a group of bots, a kind of malware that gives an attacker complete control over the affected computer. Botnets are often run by malicious programmers with specific skills. This work seeks to understand the consequences of large-scale “botnet probes” by investigating ways to analyze collections of malicious probing traffic. In such events, a whole collection of remote hosts together probes the address space monitored by a sensor in a somewhat synchronized fashion. The goal is to extend the methodologies by which sites receiving such probes can understand, using purely local surveillance, information about the probing activity: which scanning strategies the probing employs, and whether the attack specifically targets the site or the site was just accidentally probed as part of a larger, unselective attack. Our analysis draws upon comprehensive honeynet data to discover the occurrence of diverse types of scanning, with properties such as trend, uniformity, coordination, and darknet avoidance. Cross-evaluation with data from DShield confirms that this approach contributes accurately to a site's “realization”.
