Botnet Mapping Based on Intersections of Traces

Erez Alfasi; Gil Einziger

doi:10.1145/3491003.3491025

Botnet Mapping Based on Intersections of Traces

Erez Alfasi
, Gil Einziger

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Volumetric attacks are a growing concern for current Internet services. These attacks overwhelm Internet services with requests that prevent legitimate users from accessing the service or dramatically increase operational costs. While bot networks account for most volumetric attacks, the current approaches focus on mitigating a single attack. Our work argues that botnets create distinct patterns that can be detected by analyzing multiple traces from previous attacks. We formalize this idea into concrete bot network mapping algorithms and demonstrate their effectiveness in diverse conditions. Such a mapping implies that mitigation of future attacks is considerably easier, threatening the business model behind bot networks.

Original language	English
Title of host publication	ICDCN 2022 - Proceedings of the 2022 International Conference on Distributed Computing and Networking
Publisher	Association for Computing Machinery
Pages	198-207
Number of pages	10
ISBN (Electronic)	9781450395601
DOIs	https://doi.org/10.1145/3491003.3491025
State	Published - 4 Jan 2022
Event	23rd International Conference on Distributed Computing and Networking, ICDCN 2022 - Virtual, Online, India Duration: 4 Jan 2022 → 7 Jan 2022

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	23rd International Conference on Distributed Computing and Networking, ICDCN 2022
Country/Territory	India
City	Virtual, Online
Period	4/01/22 → 7/01/22

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Access to Document

10.1145/3491003.3491025

Cite this

@inproceedings{43cf772b7cb740639f2e0d627efc137a,

title = "Botnet Mapping Based on Intersections of Traces",

abstract = "Volumetric attacks are a growing concern for current Internet services. These attacks overwhelm Internet services with requests that prevent legitimate users from accessing the service or dramatically increase operational costs. While bot networks account for most volumetric attacks, the current approaches focus on mitigating a single attack. Our work argues that botnets create distinct patterns that can be detected by analyzing multiple traces from previous attacks. We formalize this idea into concrete bot network mapping algorithms and demonstrate their effectiveness in diverse conditions. Such a mapping implies that mitigation of future attacks is considerably easier, threatening the business model behind bot networks.",

author = "Erez Alfasi and Gil Einziger",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; 23rd International Conference on Distributed Computing and Networking, ICDCN 2022 ; Conference date: 04-01-2022 Through 07-01-2022",

year = "2022",

month = jan,

day = "4",

doi = "10.1145/3491003.3491025",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "198--207",

booktitle = "ICDCN 2022 - Proceedings of the 2022 International Conference on Distributed Computing and Networking",

}

Alfasi, E & Einziger, G 2022, Botnet Mapping Based on Intersections of Traces. in ICDCN 2022 - Proceedings of the 2022 International Conference on Distributed Computing and Networking. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 198-207, 23rd International Conference on Distributed Computing and Networking, ICDCN 2022, Virtual, Online, India, 4/01/22. https://doi.org/10.1145/3491003.3491025

Botnet Mapping Based on Intersections of Traces. / Alfasi, Erez; Einziger, Gil.
ICDCN 2022 - Proceedings of the 2022 International Conference on Distributed Computing and Networking. Association for Computing Machinery, 2022. p. 198-207 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Botnet Mapping Based on Intersections of Traces

AU - Alfasi, Erez

AU - Einziger, Gil

PY - 2022/1/4

Y1 - 2022/1/4

N2 - Volumetric attacks are a growing concern for current Internet services. These attacks overwhelm Internet services with requests that prevent legitimate users from accessing the service or dramatically increase operational costs. While bot networks account for most volumetric attacks, the current approaches focus on mitigating a single attack. Our work argues that botnets create distinct patterns that can be detected by analyzing multiple traces from previous attacks. We formalize this idea into concrete bot network mapping algorithms and demonstrate their effectiveness in diverse conditions. Such a mapping implies that mitigation of future attacks is considerably easier, threatening the business model behind bot networks.

AB - Volumetric attacks are a growing concern for current Internet services. These attacks overwhelm Internet services with requests that prevent legitimate users from accessing the service or dramatically increase operational costs. While bot networks account for most volumetric attacks, the current approaches focus on mitigating a single attack. Our work argues that botnets create distinct patterns that can be detected by analyzing multiple traces from previous attacks. We formalize this idea into concrete bot network mapping algorithms and demonstrate their effectiveness in diverse conditions. Such a mapping implies that mitigation of future attacks is considerably easier, threatening the business model behind bot networks.

UR - https://www.scopus.com/pages/publications/85124019425

U2 - 10.1145/3491003.3491025

DO - 10.1145/3491003.3491025

M3 - Conference contribution

AN - SCOPUS:85124019425

T3 - ACM International Conference Proceeding Series

SP - 198

EP - 207

BT - ICDCN 2022 - Proceedings of the 2022 International Conference on Distributed Computing and Networking

PB - Association for Computing Machinery

T2 - 23rd International Conference on Distributed Computing and Networking, ICDCN 2022

Y2 - 4 January 2022 through 7 January 2022

ER -

Botnet Mapping Based on Intersections of Traces

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this