The Dorothy project : an open botnet analysis framework for automatic tracking and activity visualization
Contribution in conference proceedings
Publication date:
2010
Citation:
The Dorothy project : an open botnet analysis framework for automatic tracking and activity visualization / M. Cremonini, M. Riccardi - In: EC2ND 2009 : European conference on computer network defense : 9-10 november 2009 Milano, Italy : proceedings - Los Alamitos : Institute of electrical and electronics engineers, 2010. - ISBN 9781424460496. - pp. 52-54 (conference: European Conference on Computer Network Defense (EC2ND), held in Milan in 2009) [10.1109/EC2ND.2009.15].
Abstract:
Botnets, networks of compromised machines remotely controlled and instructed to work in a coordinated fashion, have had an epidemic diffusion over the Internet and represent one of today's most insidious threats. In this paper, we present an open framework called Dorothy that makes it possible to monitor the activity of a botnet. We propose to characterize a botnet's behavior through a set of parameters and a graphical representation. In a case study, we infiltrated and monitored a botnet named siwa, collecting information about its functional structure, geographical distribution, communication mechanisms, command language and operations.
IRIS type:
03 - Contribution in volume
List of authors:
M. Cremonini, M. Riccardi
Link to the full record:
Book title:
EC2ND 2009 : European conference on computer network defense : 9-10 november 2009
Milano, Italy : proceedings