Using coverage analysis to extract Botnet command-and-control protocol
There are some inherent patterns in the bot execution trace coverage of basic blocks. Using these patterns, an approach was proposed to infer the Botnet command-and-control protocol (C&C protocol). Without intermediate representation of binary code and constraint solving, this approach has a lo...
Main Authors: | Zhi WANG, Ya-yun CAI, Lu LIU, Chun-fu JIA |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2014-01-01 |
Series: | Tongxin xuebao |
Subjects: | malware analysis; Botnet; command-and-control protocol; code block; code coverage |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.01.018/ |
_version_ | 1841539740340322304 |
---|---|
author | Zhi WANG; Ya-yun CAI; Lu LIU; Chun-fu JIA |
author_sort | Zhi WANG |
collection | DOAJ |
description | There are some inherent patterns in the bot execution trace coverage of basic blocks. Using these patterns, an approach was proposed to infer the Botnet command-and-control protocol (C&C protocol). Without intermediate representation of binary code and constraint solving, this approach has a lower time and space overhead. This coverage analysis approach was evaluated on 3 famous Botnets: Zeus, Sdbot and Agobot. The results show that this approach can accurately and efficiently extract the Botnet control commands. The completeness of the extracted control commands can be verified by checking whether all available basic blocks in the bot are covered by the traces triggered by the control commands. |
format | Article |
id | doaj-art-76dcb244fefb486b99f3cd3d2c186ca8 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2014-01-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | Using coverage analysis to extract Botnet command-and-control protocol |
topic | malware analysis; Botnet; command-and-control protocol; code block; code coverage |
url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.01.018/ |