A framework for financial botnet analysis / M. Riccardi, D. Oro, J. Luna, M. Cremonini, M. Vilanova. - In: 2010 eCrime Researchers Summit : 18-20 October 2010, Dallas, TX : [proceedings]. - Piscataway : Institute of Electrical and Electronics Engineers, 2010. - ISBN 9781424477609. - pp. 1-7. (eCrime Researchers Summit (eCrime) conference, held in Dallas in 2010) [10.1109/ecrime.2010.5706697].

A framework for financial botnet analysis

M. Cremonini (penultimate author); 2010

Abstract

Financial botnets, those specifically aimed at carrying out financial fraud, represent a well-known threat for banking institutions all around the globe. Unfortunately, these malicious networks are responsible for huge economic losses or for conducting money laundering operations. Contrary to DDoS and spam malware, the stealthy nature of financial botnets requires new techniques and novel research in order to detect, analyze and even take them down. This paper presents work-in-progress research aimed at creating a system able to mitigate the financial botnet problem. The proposed system is based on a novel architecture that has been validated by one of the biggest savings banks in Spain. Based on previous experiences with two of the proposed architecture building blocks (the Dorothy framework and a blacklist-based IP reputation system), we show that it is feasible to map financial botnet networks and to provide a non-deterministic score to their associated zombies. The proposed architecture also promotes intelligence information sharing with involved parties such as law enforcement authorities, ISPs and financial institutions. Our belief is that these functionalities will prove very useful to fight financial cybercrime.
Bank data processing ; Computer crime ; Computer forensics ; Fraud ; Invasive software ; Peer-to-peer computing.
Sector INF/01 - Informatics
2010
Book Part (author)
Files in this item:
File: CREMONINI-A Framework For Financial Botnet Analysis.pdf
Access: open access
Type: Pre-print (manuscript submitted to the publisher)
Size: 1.16 MB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/161422
Citations
  • PubMed Central: N/A
  • Scopus: 18
  • Web of Science: N/A