Security

Dispatcher: Enabling Active Botnet Infiltration Using Automatic Protocol Reverse-Engineering

Free registration required

Executive Summary

Automatic protocol reverse-engineering is important for many security applications, including the analysis and defense against botnets. Understanding the Command-and-Control (C&C) protocol used by a botnet is crucial for anticipating its repertoire of nefarious activity and to enable active botnet infiltration. Frequently, security analysts need to rewrite messages sent and received by a bot in order to contain malicious activity and to provide the botmaster with an illusion of successful and unhampered operation. To enable such rewriting, the authors need detailed information about the intent and structure of the messages in both directions of the communication, despite the fact that they generally only have access to the implementation of one endpoint, namely the bot binary. Current techniques cannot enable such rewriting.

  • Format: PDF
  • Size: 329 KB