Malmö University Publications
Botnet's Obfuscated C&C Infrastructure Take-down Approaches Based on Monitoring Centralized Zeus Bot Variant's Propagation Model
Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). ORCID iD: 0000-0003-4071-4596
Express Ridge Trading Pty, 87 Broadacres Dr, Johannesburg, South Africa.
Univ Swaziland, Dept Comp Sci, Kwaluseni, Swaziland.
2019 (English). In: 2019 IST-Africa Week Conference (IST-Africa), IEEE, 2019. Conference paper, Published paper (Refereed)
Abstract [en]

While botnets still pose a big threat, they have also developed to be the most dangerous dark applications over the web. They are able to compromise a multitude of computers under the Command and Control (C&C) infrastructure, which is mainly controlled by a botherder/botmaster. Normally, a botnet uses malicious code to achieve its objectives, and usually the motivation is based on either financial gain or a Denial of Service (DoS) attack. The problem that is being addressed in this paper is structured to explore how a botnet's C&C infrastructure can be taken down based on how the botnet propagates itself within a network. The authors have used the Zeus Botnet (ZBot) propagation model as a basis for this study. The main objective is to identify ZBot propagation patterns in order to be able to propose the take-down approaches of the C&C infrastructure, which acts as the botnet control point. It is imperative to note that, even though ZBot was mainly resilient to attacks because of its Peer-to-Peer (P2P) nature, still other Zeus variants were controlled or acted as centralized bots. The study is more inclined towards exploring the centralized Zeus variants like GameOver Zeus (GOZ) and ICE-IX for purposes of identifying the approaches. Based on the ZBot attack study, the C&C infrastructure can effectively be infiltrated, hence averting unwarranted botnet attacks.

Place, publisher, year, edition, pages
IEEE, 2019.
Series
IST-Africa, ISSN 2576-8581
Keywords [en]
botnet, obfuscated, C&C infrastructure, Zeus, bot, propagation, model
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:mau:diva-12342
DOI: 10.23919/ISTAFRICA.2019.8764837
ISI: 000490550800022
Local ID: 30502
OAI: oai:DiVA.org:mau-12342
DiVA, id: diva2:1409388
Conference
IST-Africa Week Conference (IST-Africa), Nairobi, Kenya (8-10 May 2019)
Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-06-17 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Kebande, Victor R.
