Summary: Studying Spamming Botnets Using Botlab
John P. John, Alexander Moshchuk, Steven D. Gribble, Arvind Krishnamurthy
Department of Computer Science & Engineering
University of Washington
Abstract
In this paper we present Botlab, a platform that continually monitors and analyzes the behavior of spam-oriented botnets. Botlab gathers multiple real-time streams of information about botnets taken from distinct perspectives. By combining and analyzing these streams, Botlab can produce accurate, timely, and comprehensive data about spam botnet behavior. Our prototype system integrates information about spam arriving at the University of Washington, outgoing spam generated by captive botnet nodes, and information gleaned from DNS about URLs found within these spam messages.
We describe the design and implementation of Botlab, including the challenges we had to overcome, such as preventing captive nodes from causing harm or thwarting virtual machine detection. Next, we present the re-