In this presentation, Fyodor Yarochkin and Vladimir Kropotov will share their experience of analysing network traffic and detecting compromised machines (also known as zombies or botnet nodes) in different networks. Using real-life infection examples, Fyodor and Vladimir will highlight typical infection stages and post-infection activity for different types of bots and botnets. Methods of possible detection and prevention will also be discussed, covering a variety of approaches from analysing raw network traffic to processing system logs and IDS/IPS events. Finally, automated zombie detection techniques based on different patterns in network traffic flows will be discussed.