CAREER: Coordination- and Correlation-based Botnet Defense

职业：基于协调和关联的僵尸网络防御

• 批准号: 0954096
• 负责人: Guofei Gu
• 金额: $ 40万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-02-15 至 2017-01-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0954096&HistoricalAwards=false
• 关键词: CAREER; Coordination; Correlation; based; Botnet

This project aims to create a systematic framework with novel approaches and techniques to defend against current and next generation botnets. A botnet is a network of compromised computers (bots) that are under the control of an attacker (botmaster) through some command & control (C&C) channel. In recent years, botnets have distinguished themselves from previous generation malware as the primary platform and root-cause for most Internet attacks and illegal activities. With the magnitude and the potency of attacks afforded by their combined bandwidth and processing power, botnets are now considered as the greatest single threat to Internet security. As botnets involve both host-level and network-level activities, a systematic defensive framework should consider both host- and network-level information. We can achieve better defense by utilizing host-network coordination, community-based intelligence, and a cross-layer view, instead of relying on a single (or a set of separate) host- or network-level information source(s). This project establishes a host-network coordination- and correlation-based framework for systematic botnet defense in depth. It addresses three major questions covering detection, prevention, and attribution of botnets: How to detect the existence of botnets in an efficient, accurate, robust, fast, and automatic way? How to prevent botnets from penetrating into a protected network? Where does the command and control (C&C) actually originate from? The methodology and techniques proposed in the project can have a profound impact on future malware defense in terms of improving its effectiveness, efficiency, and robustness.

该项目旨在创建一个具有新颖方法和技术的系统框架，以抵御当前和下一代僵尸网络。僵尸网络是一个受攻击的计算机（僵尸程序）网络，这些计算机通过某些命令控制（C C）通道受到攻击者（僵尸主机）的控制。近年来，僵尸网络已经从上一代恶意软件中脱颖而出，成为大多数互联网攻击和非法活动的主要平台和根源。由于其带宽和处理能力的组合所提供的攻击的规模和潜力，僵尸网络现在被认为是对互联网安全的最大威胁。由于僵尸网络涉及主机级和网络级的活动，一个系统的防御框架应该考虑主机级和网络级的信息。我们可以通过利用主机网络协调、基于社区的智能和跨层视图来实现更好的防御，而不是依赖于单个（或一组单独的）主机或网络级信息源。该项目建立了一个基于主机网络协调和相关性的框架，用于深入系统的僵尸网络防御。它解决了三个主要问题，包括检测，预防和僵尸网络的归属：如何检测僵尸网络的存在，在一个有效的，准确的，强大的，快速的，自动的方式？如何防止僵尸网络渗透到受保护的网络？命令和控制（C C）实际上来自哪里？该项目中提出的方法和技术可以对未来的恶意软件防御产生深远的影响，提高其有效性，效率和鲁棒性。

项目成果

CloudRand: Building Heterogeneous and Moving-target Network Interfaces

CloudRand：构建异构和移动目标网络接口

• 发表时间: 2018
• 期刊: 2018 International Conference on Computer Communication and Networks (ICCCN'18
• 作者: Seungwon Shin, Zhaoyan Xu