Large-scale Malware Experiments: Why, How, and So What?

Abstract: One of the most popular research areas in the anti-malware industry (second only to detection) is documenting malware characteristics and understanding how malware operates. Most initiatives are based on reverse engineering malicious binaries in order to understand a threat's features. To fully understand the challenges faced by a malware operator, it is sometimes necessary to reproduce a scenario in which researchers have to manage thousands of infected computers in order to reach a set of objectives. In this paper, we first discuss the reasons why one would want to replicate a botnet and perform experiments while managing it. In our case, our objective was to emulate the Waledac botnet and assess the performance of a mitigation scheme against its peer-to-peer infrastructure. We then present our experimental methodology and explain the technical decisions we took to perform our experiments. Finally, we explain our results, both in terms of the attacks against the Waledac botnet and the challenges we faced while creating our experimental environment.
Document type: Conference paper
Virus Bulletin 2010, Sep 2010, Vancouver, Canada. pp. 241--247, 2010

https://hal.inria.fr/inria-00536717
Contributor: Joan Calvet
Submitted on: Tuesday 16 November 2010 - 18:05:15
Last modified on: Monday 19 March 2018 - 22:38:02

Identifiers

  • HAL Id: inria-00536717, version 1

Citation

Joan Calvet, José M. Fernandez, Pierre-Marc Bureau, Jean-Yves Marion. Large-scale Malware Experiments: Why, How, and So What?. Virus Bulletin 2010, Sep 2010, Vancouver, Canada. pp.241--247, 2010. 〈inria-00536717〉
