Abstract

The actions of malware are often controlled through uniform communications mechanisms, which change regularly to evade detection techniques and remain prolific. Though geographically dispersed, malware-infected nodes being controlled for a common purpose can be viewed as a logically joint network, now loosely referred to as a botnet. The evolution of the mechanisms or processes for controlling the networks of malware-infected nodes may be indicative of their sophistication relative to a point of inception or discovery (if inception time is unknown). A sampling of botnet-related malware at different points of inception or discovery can provide accurate representations of the sophistication variance of command and control processes. To accurately measure a sampling, a matrix of sophistication, deemed the Complexity Matrix (CM), was created to categorize the signifying characteristics of Command and Control (C&C) processes amongst a historically diverse selection of bot binaries. In this paper, a survey of botnets is conducted to identify C&C characteristics that accurately represent the level of sophistication being implemented within a specified time frame. The results of the survey are collected in a CM and used to generate a subsequent roadmap of C&C milestones.

Library of Congress Subject Headings

Computer networks--Security measures; Malware (Computer software)--Prevention; Computer crimes--Prevention

Publication Date

2012

Document Type

Thesis

Student Type

Graduate

Degree Name

Networking and System Administration (MS)

Department, Program, or Center

Information Sciences and Technologies (GCCIS)

Advisor

Lutz, Peter

Comments

Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013.

Campus

RIT – Main Campus
