Refine
H-BRS Bibliography
- no (34)
Departments, institutes and facilities
Document Type
- Conference Object (25)
- Article (7)
- Book (monograph, edited volume) (1)
- Doctoral Thesis (1)
Year of publication
Has Fulltext
- no (34)
Keywords
- Host-Based Code Injection Attacks (2)
- Malware (2)
- Malware analysis (2)
- Memory forensics (2)
- Mobility modeling (2)
- Analysis (1)
- Attacks and Attack Implementations (1)
- Black Hole (1)
- Botnet tracking (1)
- Botnets (1)
Multi-hop Netze sind seit vielen Jahren Forschungsthema. Seit einigen Jahren gibt es auch erste Realisierungen solcher Netze. Sie ermöglichen es, ohne feste Infrastruktur sich selbst organisierende Netze zu realisieren. Dies macht sie für vielfältige zivile wie taktische Szenarien interessant. In der vorliegenden Arbeit liegt der Fokus auf taktischen Szenarien, wie Szenarien der öffentlichen Sicherheit, militärischen oder Katastrophenszenarien. In solchen Szenarien kann für die Kommunikation auf der letzten Meile nicht von existierender Kommunikationsinfrastruktur ausgegangen werden. Taktische multi-hop Netze stellen eine Möglichkeit dar, die Kommunikation auf der letzen Meile trotzdem zu realisieren.
Recent years have seen extensive adoption of domain generation algorithms (DGA) by modern botnets. The main goal is to generate a large number of domain names and then use a small subset for actual C&C communication. This makes DGAs very compelling for botmasters to harden the infrastructure of their botnets and make it resilient to blacklisting and attacks such as takedown efforts. While early DGAs were used as a backup communication mechanism, several new botnets use them as their primary communication method, making it extremely important to study DGAs in detail.
In this paper, we perform a comprehensive measurement study of the DGA landscape by analyzing 43 DGAbased malware families and variants. We also present a taxonomy for DGAs and use it to characterize and compare the properties of the studied families. By reimplementing the algorithms, we pre-compute all possible domains they generate, covering the majority of known and active DGAs. Then, we study the registration status of over 18 million DGA domains and show that corresponding malware families and related campaigns can be reliably identified by pre-computing future DGA domains. We also give insights into botmasters’ strategies regarding domain registration and identify several pitfalls in previous takedown efforts of DGA-based botnets. We will share the dataset for future research and will also provide a web service to check domains for potential DGA identity.
Malware is responsible for massive economic damage. Being the preferred tool for digital crime, botnets are becoming increasingly sophisticated, using more and more resilient, distributed infrastructures based on peer-to-peer (P2P) protocols. On the other side, current investigation techniques for malware and botnets on a technical level are time-consuming and highly complex. Fraunhofer FKIE is addressing this problem, researching new ways of intelligent process automation and information management for malware analysis in order to minimize the time needed to investigate these threats.
Today’s computer systems face a vast array of severe threats that are posed by automated attacks performed by malicious software as well as manual attacks by individual humans. These attacks not only differ in their technical implementation but may also be location-dependent. Consequentially, it is necessary to join the information from heterogeneous and distributed attack sensors in order to acquire comprehensive information on current ongoing cyber attacks.