Accés ràpid intranet

Més informació...

a a a



In-vitro experimentation with botnets: or how to recreate a 3000-node botnet in the lab and take it


Jos Manuel Fernndez

Professor/a organitzador/a

Jordi Castell-Roca


cole Polytechnique de Montral


05-06-2012 12:00


Botnets present a serious computer security problem and many efforts have been deployed to better understand them and develop effective counter-measures against them. Several techniques have been employed to this effect, in particular the study of botnets "in vivo", i.e. the direct observation of botnets operated by cybercriminals. This approach is not ideal for several reasons from a legal, security and ethical point of view, and furthermoe they do not allow the conduction of controlled and repeatable experiments, a fundamental prerequisite for a scientific exploration of the problem. In this presentation, we will present our research introducing a new methodology of "in vitro" experimentation, i.e. experiments with botnets reconstituted in a lab environment from the original malware code, under conditions of high security and experimental control. We will describe our experiments with the Waledac botnet, which we recreated in the lab with 3000 nodes. In particular, we will describe the results obtained when we tested different take-down methods, which were later used with success against the real botnet.


Lab 231 (a confirmar)