Posted on by

ICIW2008: Understanding IRC Bot Behaviors in a Network-centric Attack Detection and Prevention

Gail-Joon Ahn, UNC Charlotte

  • motivation
    • malicious bots
    • surgein attacks
    • 1241 bots collected by them in the past year
    • 25% not detected by AV tools
  • background
    • most unknown bots are not detected
    • risk-aware detection and prevention
    • taxonomy of botnets is available
  • approach
    • components work individually & in cooperation
    • analysis is performed both on and off the internet
    • repository system component
    • pattern correlation system component
  • correlation system
  • Traffic analysis
    • detect malicious agents
    • something else
    • something else
  • IRC Sandman
    • Simulator
    • Animations of how it works
  • ongoing effort
    • bot characteristics
    • IRC conversation
    • Intel attribution
    • building new maps with various knowledge bases
Posted in UncategorizedTagged

Published by Michael Sauers

Michael Sauers is currently the Director of Technology for Do Space in Omaha, NE. Michael has been training librarians in technology for the past twenty years and has also been a public library trustee, a bookstore manager for a library friends group, a reference librarian, serials cataloger, technology consultant, and bookseller since earning his MLS in 1995 from the University at Albany’s School of Information Science and Policy. Michael has also written dozens of articles for various journals and magazines and his fourteenth book, Emerging Technologies: A Primer for Librarians (w/ Jennifer Koerber) was published in May 2015 and more books are on the way. In his spare time he blogs at travelinlibrarian.info, runs The Collector’s Guide to Dean Koontz Web site, takes many, many photos, and typically reads more than 100 books a year.

Leave a Reply

Your email address will not be published. Required fields are marked *