DOI: 10.1145/2781562.2781567
Research article

The Detection of 8 Type Malware botnet using Hybrid Malware Analysis in Executable File Windows Operating Systems

Published: 03 August 2015
    Abstract

    Nowadays many botnets are used for cybercrime such as distributed denial of service (DDoS) attacks or information stealing. A botnet is a collection of Internet-connected computers that have been taken over by an attacker using malware. These infected computers are known as bots or zombies. The attacker controls the bots through an infrastructure called a Command and Control (C&C) server. In general, botnets spread with the Windows operating system as their main target, in the form of executable files (.exe).
    Windows now has a massive number of applications in the form of executable files, and almost all of them connect to the Internet, which makes it very difficult to distinguish whether an executable file is botnet malware or not. Therefore, identifying and detecting botnet malware requires malware analysis of the Windows executable file. Malware can be analyzed in many ways, but generally speaking there are two techniques: static analysis and dynamic analysis. By combining the results of static analysis and dynamic analysis, data can be produced for detecting botnet malware in executable files of the Windows operating system, namely Herpestnet, Ann Loader, mbot, Vertexnet, Athena, Elite Loader, Gbot, and Cythosia.



    Published In

    ICEC '15: Proceedings of the 17th International Conference on Electronic Commerce 2015
    August 2015
    268 pages
    ISBN:9781450334617
    DOI:10.1145/2781562

    In-Cooperation

    • KRF: Korea Research Foundation

    Publisher

    Association for Computing Machinery, New York, NY, United States

    Author Tags

    1. Botnet
    2. Executable File
    3. Malware Analysis

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICEC '15

    Acceptance Rates

    ICEC '15 Paper Acceptance Rate 39 of 55 submissions, 71%;
    Overall Acceptance Rate 150 of 244 submissions, 61%

    Cited By

    • (2021) A threat model method for ICS malware. Proceedings of the 18th ACM International Conference on Computing Frontiers, pp. 221-228. DOI: 10.1145/3457388.3458868. Online publication date: 11 May 2021.
    • (2020) Analyzing Forensic Anatomization of Windows Artefacts for Bot-Malware Detection. Information and Communication Technology for Intelligent Systems, pp. 627-635. DOI: 10.1007/978-981-15-7078-0_61. Online publication date: 22 October 2020.
    • (2019) Review of Machine Learning Methods for Windows Malware Detection. 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1-6. DOI: 10.1109/ICCCNT45670.2019.8944796. Online publication date: July 2019.
    • (2018) A Novel Framework for Software Defined Wireless Body Area Network. 2018 8th International Conference on Intelligent Systems, Modelling and Simulation (ISMS), pp. 114-119. DOI: 10.1109/ISMS.2018.00031. Online publication date: May 2018.
    • (2017) Reverse Engineering of Botnet (APT). Information and Communication Technology for Intelligent Systems (ICTIS 2017) - Volume 2, pp. 252-262. DOI: 10.1007/978-3-319-63645-0_28. Online publication date: 17 August 2017.
    • (2016) Android forensics analysis: Private chat on social messenger. 2016 Eighth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 430-435. DOI: 10.1109/ICUFN.2016.7537064. Online publication date: July 2016.
    • (2016) Digital forensic analysis of Telegram Messenger on Android devices. 2016 International Conference on Information & Communication Technology and Systems (ICTS), pp. 1-7. DOI: 10.1109/ICTS.2016.7910263. Online publication date: 2016.
    • (2016) Efficient and secure data delivery in software defined WBAN for virtual hospital. 2016 International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC), pp. 12-16. DOI: 10.1109/ICCEREC.2016.7814973. Online publication date: September 2016.
    • (2016) Digital forensics study of internet messenger: Line artifact analysis in Android OS. 2016 International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC), pp. 23-29. DOI: 10.1109/ICCEREC.2016.7814959. Online publication date: September 2016.
