Posts Tagged 'Computer Security'

Toward Proactive Mitigation of Advanced Multi-tier Botnets

Please make note of the following, free, on-line seminar.  Information about how to join the session can be found on the web site of the Commonwealth Graduate Engineering Program at


Brent ByungHoon Kang, Ph.D.


Toward Proactive Mitigation of Advanced Multi-tier Botnets

Date and Time

February 8, 2012 from 5 pm – 6 pm


In this talk I will present our on-going efforts to mitigate the advanced botnets. Botnet is a network of compromised machines, exploited to carry out malicious acts such as spam, phishing, denial of service attacks, and stealing sensitive data such as passwords and banking credentials. The detection and mitigation of these botnets have proven to be quite challenging. Malware authors, supported by a thriving underground economy, have demonstrated professional quality sophistication in creating codes highly adaptive to existing mitigation efforts.

We have explored a series of botnet mitigation approaches directed toward (i) creating new analysis and de-obfuscation methods to rapidly expose the botnets’ command and control protocols in a timely manner, (ii) in-depth analysis to explore the fundamental limits and weaknesses of the advanced botnet architecture, and (iii) designing an effective enumerator (or “mapping” of bot networks) to locate bot-infected hosts on the Internet.

Our research direction fundamentally differs from existing Intrusion Detection System (IDS) approaches. Unlike IDS, which is geared towards protecting local hosts within its perimeter, an enumerator will enable identification of both local and remote infections. Identifying remote infections is crucial, given that there are numerous computers on the Internet that are not under the protection of IDS-based systems. The resulting enumeration has been used for spam blocking, firewall configuration, DNS rewriting, and alerting sys-admins regarding local infections.

RSS Feed

August 2019
« Sep