Spring 2008 Internet2 Member Meeting

Scaling Security Analysis vs. Next-Gen Botnet Malware Using VM-Based Analysis

April 22, 2008, 4:30 PM - 5:30 PM
UMT/GMT -4 hours
Location: Salon J

   Nicholas Feamster, Georgia Institute of Technology
   Fengmin Gong, FireEye
   Joe St Sauver, Internet2 & University of Oregon, Moderator

Session Abstract: There are many security tools and devices already deployed in our IT infrastructure. Some are a little more helpful in fighting botnets than others. However, they can all make a difference in our war against botnets if they are adequately equipped with good actionable intelligence. I will describe a set of botnet intelligence that is useful for controlling a botnet throughout its life cycle, from initial infection to bot installation and botnet activities. I will explain four requirements on the quality of botnet intelligence: available, timely, accurate, and complete. Then, I will present a system solution that detects botnet infection/installation events using a VM-based method, extracts further intelligence from the VM instrumentation, and qualifies and shares the intelligence across a global network of deployments. Example pcaps and intelligence data will be shown at the end.