Deim Seminar
Title
In-vitro experimentation with botnets: or how to recreate a 3000-node botnet in the lab and take it
Speaker
José Manuel Fernández
Organizing professor
Jordi Castellà-Roca
Institution
École Polytechnique de Montréal
Date
05-06-2012 12:00
Summary
Botnets present a serious computer security problem and many efforts
have been deployed to better understand them and develop effective
counter-measures against them. Several techniques have been employed to
this effect, in particular the study of botnets "in vivo", i.e. the
direct observation of botnets operated by cybercriminals. This approach
is not ideal for several reasons from a legal, security and ethical
point of view, and furthermore it does not allow the conduct of
controlled and repeatable experiments, a fundamental prerequisite for a
scientific exploration of the problem. In this presentation, we will
present our research introducing a new methodology of "in vitro"
experimentation, i.e. experiments with botnets reconstituted in a lab
environment from the original malware code, under conditions of high
security and experimental control. We will describe our experiments
with the Waledac botnet, which we recreated in the lab with 3000 nodes.
In particular, we will describe the results obtained when we tested
different take-down methods, which were later used with success against
the real botnet.
Place
Lab 231 (to be confirmed)
Language
English