TY - CONF
T1 - The Heisenbot uncertainty problem
T2 - 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2008
AU - Kanich, Chris
AU - Levchenko, Kirill
AU - Enright, Brandon
AU - Voelker, Geoffrey M.
AU - Savage, Stefan
N1 - Our thanks to Vern Paxson and Christian Kreibich for detailed discussions and feedback on investigating the Storm botnet, Joe Stewart of Secureworks for offering his insight into the workings of Storm, Erin Kenneally for advising us on legal issues, and to Gabriel Lawrence and Jim Madden for supporting this activity on UCSD’s systems and networks. Our data collection was made possible by generous support from Cisco, Microsoft Research, Intel and UCSD’s Center for Networked Systems, for which we are very grateful. This work was made possible by the National Science Foundation grant NSF-0433668. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation.
PY - 2008
Y1 - 2008
AB - In this paper we highlight a number of challenges that arise in using crawling to measure the size, topology, and dynamism of distributed botnets. These challenges include traffic due to unrelated applications, address aliasing, and other active participants on the network such as poisoners. Based upon experience developing a crawler for the Storm botnet, we describe each of the issues we encountered in practice, our approach for managing the underlying ambiguity, and the kind of errors we believe it introduces into our estimates.
UR - http://www.scopus.com/inward/record.url?scp=85084096724&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084096724&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85084096724
Y2 - 15 April 2008
ER -