Traceback framework against botmaster by sharing network communication pattern information

Seiichiro Mizoguchi; Keisuke Takemori; Yutaka Miyake; Yoshiaki Hori; Kouichi Sakurai

doi:10.1109/IMIS.2011.152

Traceback framework against botmaster by sharing network communication pattern information

Seiichiro Mizoguchi, Keisuke Takemori, Yutaka Miyake, Yoshiaki Hori, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

In order to exterminate a botnet, we have to trace a botnet and arrest its botmaster. In this paper, we make a model of communication pattern of a C&C server that sends/receives packets to/from the botmaster. Then we discuss how botmaster trace back can be achieved. We describe which communication patterns we should focus on to find the botmaster or upper C&C servers. Furthermore, we propose a framework for botmaster trace back. In this framework, owners of servers which become to C&C server will collaborate and share the communication patterns for trace back. To do this, we propose the information sharing using communication pattern monitoring tools with the servers.

Original language	English
Title of host publication	Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011
Pages	639-644
Number of pages	6
DOIs	https://doi.org/10.1109/IMIS.2011.152
Publication status	Published - Sept 8 2011
Event	2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011 - Seoul, Korea, Republic of Duration: Jun 30 2011 → Jul 2 2011

Publication series

Name	Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011

Other

Other	2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011
Country/Territory	Korea, Republic of
City	Seoul
Period	6/30/11 → 7/2/11

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications

Access to Document

10.1109/IMIS.2011.152

Cite this

Mizoguchi, S., Takemori, K., Miyake, Y., Hori, Y., & Sakurai, K. (2011). Traceback framework against botmaster by sharing network communication pattern information. In Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011 (pp. 639-644). [5976289] (Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011). https://doi.org/10.1109/IMIS.2011.152

Traceback framework against botmaster by sharing network communication pattern information. / Mizoguchi, Seiichiro; Takemori, Keisuke; Miyake, Yutaka et al.
Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011. 2011. p. 639-644 5976289 (Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Mizoguchi, S, Takemori, K, Miyake, Y, Hori, Y & Sakurai, K 2011, Traceback framework against botmaster by sharing network communication pattern information. in Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011., 5976289, Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011, pp. 639-644, 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011, Seoul, Korea, Republic of, 6/30/11. https://doi.org/10.1109/IMIS.2011.152

Mizoguchi S, Takemori K, Miyake Y, Hori Y, Sakurai K. Traceback framework against botmaster by sharing network communication pattern information. In Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011. 2011. p. 639-644. 5976289. (Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011). doi: 10.1109/IMIS.2011.152

Mizoguchi, Seiichiro ; Takemori, Keisuke ; Miyake, Yutaka et al. / Traceback framework against botmaster by sharing network communication pattern information. Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011. 2011. pp. 639-644 (Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011).

@inproceedings{87257a1dcc314642b3eb727aa3c88b04,

title = "Traceback framework against botmaster by sharing network communication pattern information",

abstract = "In order to exterminate a botnet, we have to trace a botnet and arrest its botmaster. In this paper, we make a model of communication pattern of a C&C server that sends/receives packets to/from the botmaster. Then we discuss how botmaster trace back can be achieved. We describe which communication patterns we should focus on to find the botmaster or upper C&C servers. Furthermore, we propose a framework for botmaster trace back. In this framework, owners of servers which become to C&C server will collaborate and share the communication patterns for trace back. To do this, we propose the information sharing using communication pattern monitoring tools with the servers.",

author = "Seiichiro Mizoguchi and Keisuke Takemori and Yutaka Miyake and Yoshiaki Hori and Kouichi Sakurai",

year = "2011",

month = sep,

day = "8",

doi = "10.1109/IMIS.2011.152",

language = "English",

isbn = "9780769543727",

series = "Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011",

pages = "639--644",

booktitle = "Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011",

note = "2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011 ; Conference date: 30-06-2011 Through 02-07-2011",

}

TY - GEN

T1 - Traceback framework against botmaster by sharing network communication pattern information

AU - Mizoguchi, Seiichiro

AU - Takemori, Keisuke

AU - Miyake, Yutaka

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2011/9/8

Y1 - 2011/9/8

N2 - In order to exterminate a botnet, we have to trace a botnet and arrest its botmaster. In this paper, we make a model of communication pattern of a C&C server that sends/receives packets to/from the botmaster. Then we discuss how botmaster trace back can be achieved. We describe which communication patterns we should focus on to find the botmaster or upper C&C servers. Furthermore, we propose a framework for botmaster trace back. In this framework, owners of servers which become to C&C server will collaborate and share the communication patterns for trace back. To do this, we propose the information sharing using communication pattern monitoring tools with the servers.

AB - In order to exterminate a botnet, we have to trace a botnet and arrest its botmaster. In this paper, we make a model of communication pattern of a C&C server that sends/receives packets to/from the botmaster. Then we discuss how botmaster trace back can be achieved. We describe which communication patterns we should focus on to find the botmaster or upper C&C servers. Furthermore, we propose a framework for botmaster trace back. In this framework, owners of servers which become to C&C server will collaborate and share the communication patterns for trace back. To do this, we propose the information sharing using communication pattern monitoring tools with the servers.

UR - http://www.scopus.com/inward/record.url?scp=80052387297&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80052387297&partnerID=8YFLogxK

U2 - 10.1109/IMIS.2011.152

DO - 10.1109/IMIS.2011.152

M3 - Conference contribution

AN - SCOPUS:80052387297

SN - 9780769543727

T3 - Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011

SP - 639

EP - 644

BT - Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011

T2 - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011

Y2 - 30 June 2011 through 2 July 2011

ER -

Traceback framework against botmaster by sharing network communication pattern information

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this