FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Behavioral Study of Bot Obedience using Causal Relationship Analysis







Conference Schedule

Technical Track

Wednesday – June 28th, 15:00

Botnet discovery can be difficult, since the existence of a network is often discovered only after it is used for widespread activity such as a DDoS or a phishing scam. Sharing intelligence on potential botnet traffic is also problematic, mainly due to data privacy issues.

In this paper, we describe some currently used methods for identifying botnets and issues which arise when applying them in practice. We will identify the types of information that could be shared between different stakeholders and the technical means available to gather such data. Finally, we will present causality graphs and describe initial experiences in applying them to analyzing botnet incidents.

Authors & presenters

  • Lari Huttunen (University of Oulu, FI)

  • Pekka Pietikäinen, Presenter (University of Oulu, FI)


 