MoBE: Detecting Modern Botnets

net When a com­pu­ter is in­fec­ted with ma­li­cious soft­ware, the owner loses con­trol over it and the system becomes a bot. Bots are con­trol­led re­mo­te­ly, often poo­led to groups of many thousands of in­fec­ted hosts, the so-cal­led bot­nets. Bot­nets are re­s­pon­si­ble for some of the major pro­blems on the In­ter­net today: they are used to pro­pa­ga­te spam, fa­ci­li­ta­te iden­ti­ty theft, theft of ban­king creden­ti­als and ac­counts to a va­rie­ty of on­line ser­vices among other cri­mi­nal ac­tivi­ties like De­ni­al of Ser­vice at­tacks. Wi­t­hin this pro­ject, we develop tech­ni­ques and tools to de­tect and de­feat mo­dern bot­nets. Pri­va­cy of data and de­tec­tion of bots in high-speed net­works are in the cen­ter of our study.


Administrative Information


BMBF Grantvdevdiit Project Management


Selected Publications


Gi­an­lu­ca String­hi­ni, Ma­nu­el Egele, Apos­to­lis Zar­ras, Thors­ten Holz, Chris­to­pher Krue­gel, Gio­van­ni Vigna
21st USE­NIX Se­cu­ri­ty Sym­po­si­um, Bel­le­vue, WA, USA, Au­gust 2012

Armin Bü­scher, Thors­ten Holz
5th USE­NIX Work­shop on Lar­ge-Sca­le Ex­ploits and Emer­gent Thre­ats (LEET), San Jose, CA, April 2012

Marc Küh­rer, Thors­ten Holz
PIK - Pra­xis der In­for­ma­ti­ons­ver­ar­bei­tung und Kom­mu­ni­ka­ti­on. Vo­lu­me 35, Issue 1, Pages 11–16, April 2012

Til­man Frosch, Marc Küh­rer, Thors­ten Holz
Ad­van­ces in IT Early Warning, Fraun­ho­fer Ver­lag, Fe­bru­ary 2013. ISBN: 978-3-8396-0474-8

Pa­na­gio­tis Pa­pa­do­pou­los, An­to­nis Pa­pa­do­gi­an­na­kis, Micha­lis Po­ly­chro­na­kis, Apos­to­lis Zar­ras, Thors­ten Holz, Evan­ge­los P. Mar­ka­tos
An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2013