
Seminar

Title

In-vitro experimentation with botnets: or how to recreate a 3000-node botnet in the lab and take it

Speaker

José Manuel Fernández

Organizing professor

Jordi Castellà-Roca

Institution

École Polytechnique de Montréal

Date

05-06-2012 12:00

Abstract

Botnets present a serious computer security problem, and many efforts have been made to better understand them and to develop effective countermeasures against them. Several techniques have been employed to this effect, in particular the study of botnets "in vivo", i.e. the direct observation of botnets operated by cybercriminals. This approach is not ideal for several reasons from a legal, security and ethical point of view, and furthermore it does not allow controlled and repeatable experiments to be conducted, a fundamental prerequisite for a scientific exploration of the problem. In this presentation, we will present our research introducing a new methodology of "in vitro" experimentation, i.e. experiments with botnets reconstituted in a lab environment from the original malware code, under conditions of high security and experimental control. We will describe our experiments with the Waledac botnet, which we recreated in the lab with 3000 nodes. In particular, we will describe the results obtained when we tested different take-down methods, which were later used with success against the real botnet.

Location

Lab 231 (to be confirmed)

Language

English