DISTRIBUTED BOTNET DETECTION USING GATEWAY SECURITY INFRASTRUCTURE

IP.com Disclosure Number: IPCOM000215543D
Publication Date: 2012-Mar-06
Document File: 21 page(s) / 2M

Publishing Venue

The IP.com Prior Art Database

Related People

Sachin Bochare: AUTHOR

Abstract

A tool leverages the power of a distributed infrastructure of Web and Messaging gateways to make existing botnet detection algorithms stronger. A statistical analysis is performed at a central location on data collected from an individual gateway, and results are derived based on a cross correlation of command and control communications.

This is the abbreviated version, containing approximately 9% of the total text.

DISTRIBUTED BOTNET DETECTION USING GATEWAY SECURITY INFRASTRUCTURE

Sachin Bochare

Symantec Corporation

Abstract

A tool leverages the power of a distributed infrastructure of Web and Messaging gateways to make existing botnet detection algorithms stronger. A statistical analysis is performed at a central location on data collected from an individual gateway, and results are derived based on a cross correlation of command and control communications.   

Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.  For a full list of Symantec trademarks, please visit

http://www.symantec.com/about/profile/policies/trademarks/currentlist.jsp

Any Symantec products described in this document are distributed under licenses restricting their use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation

350 Ellis Street

Mountain View, CA 94043

United States

http://www.symantec.com

Problem Statement

Botnets are a major threat in today’s world, and there is a large underground market for them. Botnets are a significant contributor to malicious Internet activity: they may be used for distributed denial of service attacks, spamming, stealing passwords, logging keystrokes, acting as proxy servers, and the like. The number of botnets is steadily growing, and the protocols used to carry out infection and malicious activities have also evolved, from IRC to HTTP, FTP, and DNS. Botnet structures have likewise evolved from centralized to peer-to-peer or otherwise distributed topologies. In general, botnet activity comprises infecting the system, downloading malicious code, carrying out malicious activities, and managing communications with command and control servers so as to protect the botnet from detection systems.
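The abstract describes the detection design at a high level: each Web or Messaging gateway collects data locally, and a central service performs statistical analysis and cross-correlates the command and control communications seen across gateways. The following is an added, illustrative example of that idea, not code from the disclosure or from Symantec; the record format, the periodicity statistic (coefficient of variation of inter-connection gaps), the thresholds and the sample log are all constructed assumptions. It shows the point that motivates a central correlator: a single gateway that sees one host beaconing to a destination has too little evidence to alert, while the same low-volume beaconing observed from several independent gateways to the same destination is strong evidence.

```python
"""Central cross-gateway correlation of candidate C&C beaconing.

Illustrative example with an assumed data model: each gateway exports
outbound connection summaries (gateway, source host, destination,
timestamp); a central service computes per-flow timing statistics and
then correlates periodic flows across gateways by destination.
"""
from statistics import mean, pstdev

MIN_CONNECTIONS = 4      # need enough intervals to estimate regularity
MAX_CV = 0.15            # gap coefficient of variation at or below this = "periodic"
LOCAL_MIN_HOSTS = 3      # what a single gateway would require before alerting on a dst
GLOBAL_MIN_GATEWAYS = 2  # central rule: periodic flows to one dst from >= 2 gateways


def _beacon(gw, host, dst, period, n, jitter):
    """Constructed helper: n connections every `period` seconds with small jitter."""
    return [(gw, host, dst, i * period + jitter[i % len(jitter)]) for i in range(n)]


# Constructed sample log. One host behind each of three gateways polls
# "c2.example" roughly every 300 s; several hosts hit "cdn.example" at
# irregular, user-driven times.
SAMPLE_LOG = (
    _beacon("gw-A", "10.1.0.5", "c2.example", 300, 8, [0, 3, -2, 5])
    + _beacon("gw-B", "10.2.0.9", "c2.example", 300, 8, [1, -4, 2, 0])
    + _beacon("gw-C", "10.3.0.7", "c2.example", 300, 8, [-1, 2, 4, -3])
    + [("gw-A", "10.1.0.1", "cdn.example", t) for t in (12, 90, 700)]
    + [("gw-A", "10.1.0.2", "cdn.example", t) for t in (50, 2000)]
    + [("gw-A", "10.1.0.3", "cdn.example", t) for t in (330, 340, 1900, 1950)]
    + [("gw-B", "10.2.0.1", "cdn.example", t) for t in (5, 600, 640)]
    + [("gw-B", "10.2.0.2", "cdn.example", t) for t in (1500, 1520, 2400)]
)


def gateway_stats(records):
    """Per-gateway step: for each (gateway, host, dst) flow, return the
    connection count and the coefficient of variation (stdev / mean) of
    the gaps between successive connections. A low CV means the host
    talks to the destination on a regular schedule, i.e. beacons."""
    flows = {}
    for gw, host, dst, ts in records:
        flows.setdefault((gw, host, dst), []).append(ts)
    stats = {}
    for key, times in flows.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) < MIN_CONNECTIONS or mean(gaps) == 0:
            stats[key] = {"count": len(times), "cv": None}  # too few samples to judge
        else:
            stats[key] = {"count": len(times), "cv": pstdev(gaps) / mean(gaps)}
    return stats


def _is_periodic(s):
    return s["cv"] is not None and s["cv"] <= MAX_CV


def local_alerts(stats):
    """What each gateway could conclude on its own: alert on a destination
    only if at least LOCAL_MIN_HOSTS of its own hosts beacon to it."""
    per_gw_dst = {}
    for (gw, host, dst), s in stats.items():
        if _is_periodic(s):
            per_gw_dst.setdefault((gw, dst), set()).add(host)
    return sorted(dst for (gw, dst), hosts in per_gw_dst.items()
                  if len(hosts) >= LOCAL_MIN_HOSTS)


def central_correlation(stats):
    """Central step: pool periodic flows from every gateway and score each
    destination by how many independent gateways (and hosts) show the
    same beaconing behaviour toward it."""
    gateways, hosts = {}, {}
    for (gw, host, dst), s in stats.items():
        gateways.setdefault(dst, set())
        hosts.setdefault(dst, set())
        if _is_periodic(s):
            gateways[dst].add(gw)
            hosts[dst].add((gw, host))
    return {
        dst: {
            "gateways": len(gateways[dst]),
            "hosts": len(hosts[dst]),
            "suspect": len(gateways[dst]) >= GLOBAL_MIN_GATEWAYS,
        }
        for dst in gateways
    }


if __name__ == "__main__":
    st = gateway_stats(SAMPLE_LOG)
    print("local alerts (per gateway):", local_alerts(st))  # [] : no gateway has enough evidence alone
    for dst, verdict in sorted(central_correlation(st).items()):
        print(dst, verdict)  # c2.example is suspect from 3 gateways; cdn.example is not
```

On the sample log, no single gateway reaches its local threshold, yet the central step marks c2.example as suspect because three gateways independently report a periodic flow to it, while cdn.example, which has more hosts but no regular schedule, is not flagged. Two practical caveats: the gap statistic is only one feature (bots that randomize their sleep interval defeat it, so a deployment would correlate on several indicators, such as destination, URI pattern and payload size), and the central service must be careful about what it collects from each gateway, since connection metadata from many customers is itself sensitive.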

A machine may become part of a botnet in numerous ways, such as by executing malicious code while browsing the Internet, through exploitation of system vulnerabilities, through an already existing or deliberately planted backdoor, via mail attachments, or wit...