Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods

Automated bot/botnet detection is a difficult problem given the high level of attacker power. We propose a systematic approach for evaluating the evadability of detection methods. An evasion tactic has two associated costs: implementation complexity and effect on botnet utility. An evasion tactic's implementation complexity is based on the ease with which bot writers can incrementally modify current bots to evade detection. Modifying a bot in order to evade a detection method may result in a less useful botnet; to explore this, we identify aspects of botnets that impact their revenue-generating capability. For concreteness, we survey some leading automated bot/botnet detection methods, identify evasion tactics for each, and assess the costs of these tactics. We also reconsider assumptions about botnet control that underlie many botnet detection methods.
Elizabeth Stinson, John C. Mitchell
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USS
Authors Elizabeth Stinson, John C. Mitchell