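; ---------------------------------------------------------------------
; To submit, log into grace.umd.edu and use the following command:
; /submit 2015 fall 0101 26 botnets.bib
; ---------------------------------------------------------------------
;
; Layout notes:
;  - Text outside an entry (such as these ';' lines) is ignored by BibTeX;
;    there is no comment syntax inside an entry, so all notes live out here.
;  - Fields that are not part of the standard entry types (abstract,
;    studentfirstname, studentlastname, summary, contribution1-5,
;    weakness1-5, interesting, opinions) are ignored by standard
;    bibliography styles. They are the review form to be filled in.
;  - 'interesting' ships with the placeholder high/med/low; presumably it is
;    meant to be replaced by exactly one of those three values.

; Required Readings

; Stone-Gross et al., CCS 2009. Per the abstract: a ten-day takeover of the
; Torpig botnet's command and control, with more than 180 thousand observed
; infections and almost 70 GB of data collected by the bots. The abstract
; contrasts unique bot infections with the more than 1.2 million IP
; addresses that contacted the server, i.e. counting IPs overstates size.
@INPROCEEDINGS{ StoneGross09,
  title            = {Your botnet is my botnet: analysis of a botnet takeover},
  author           = {Brett Stone-Gross and Marco Cova and Lorenzo Cavallaro and
                      Bob Gilbert and Martin Szydlowski and Richard A. Kemmerer and
                      Christopher Kruegel and Giovanni Vigna},
  booktitle        = {ACM Conference on Computer and Communications Security},
  abstract         = {Botnets, networks of malware-infected machines that are
                      controlled by an adversary, are the root cause of a large
                      number of security problems on the Internet. A particularly
                      sophisticated and insidious type of bot is Torpig, a malware
                      program that is designed to harvest sensitive information
                      (such as bank account and credit card data) from its victims.
                      In this paper, we report on our efforts to take control of the
                      Torpig botnet and study its operations for a period of ten
                      days. During this time, we observed more than 180 thousand
                      infections and recorded almost 70 GB of data that the bots
                      collected. While botnets have been hijacked and studied
                      previously, the Torpig botnet exhibits certain properties that
                      make the analysis of the data particularly interesting. First,
                      it is possible (with reasonable accuracy) to identify unique
                      bot infections and relate that number to the more than 1.2
                      million IP addresses that contacted our command and control
                      server. Second, the Torpig botnet is large, targets a variety
                      of applications, and gathers a rich and diverse set of data
                      from the infected victims. This data provides a new
                      understanding of the type and amount of personal information
                      that is stolen by botnets.},
  year             = {2009},
  pages            = {635--647},
  crossref         = {DBLP:conf/ccs/2009},
  studentfirstname = {},
  studentlastname  = {},
  summary          = {},
  contribution1    = {},
  contribution2    = {},
  contribution3    = {},
  contribution4    = {},
  contribution5    = {},
  weakness1        = {},
  weakness2        = {},
  weakness3        = {},
  weakness4        = {},
  weakness5        = {},
  interesting      = {high/med/low},
  opinions         = {},
}

; Bilge et al., NDSS 2011. The acronyms in the title are brace-protected so
; that styles which sentence-case titles do not lowercase them.
@INPROCEEDINGS{ Bilge11,
  title            = {{EXPOSURE}: Finding Malicious Domains Using Passive {DNS} Analysis},
  author           = {Leyla Bilge and Engin Kirda and Christopher Kruegel and
                      Marco Balduzzi},
  booktitle        = {NDSS},
  year             = {2011},
  crossref         = {DBLP:conf/ndss/2011},
  studentfirstname = {},
  studentlastname  = {},
  summary          = {},
  contribution1    = {},
  contribution2    = {},
  contribution3    = {},
  contribution4    = {},
  contribution5    = {},
  weakness1        = {},
  weakness2        = {},
  weakness3        = {},
  weakness4        = {},
  weakness5        = {},
  interesting      = {high/med/low},
  opinions         = {},
}

; BibTex cross-references (don't add anything here)
; These parent entries must stay below the entries that crossref them:
; classic BibTeX only resolves a crossref whose target appears later in the file.

@PROCEEDINGS{ DBLP:conf/ndss/2011,
  title     = {Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011},
  booktitle = {NDSS},
  publisher = {The Internet Society},
  year      = {2011},
}

@PROCEEDINGS{ DBLP:conf/ccs/2009,
  title     = {Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009},
  booktitle = {ACM Conference on Computer and Communications Security},
  editor    = {Ehab Al-Shaer and Somesh Jha and Angelos D. Keromytis},
  isbn      = {978-1-60558-894-0},
  publisher = {ACM},
  year      = {2009},
}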