Financial botnets, those specifically aimed at carrying out financial fraud, represent a well-known threat for banking institutions all around the globe. Unfortunately, these malicious networks are responsible for huge economic losses or for conducting money laundering operations. Contrary to DDoS and spam malware, the stealthy nature of financial botnets requires new techniques and novel research in order to detect, analyze and even to take them down. This paper presents a work-in-progress research aimed at creating a system able to mitigate the financial botnet problem. The proposed system is based on a novel architecture that has been validated by one of the biggest savings banks in Spain. Based on previous experiences with two of the proposed architecture building blocks -the Dorothy framework and a blacklist-based IP reputation system-, we show that it is feasible to map financial botnet networks and to provide a non-deterministic score to its associated zombies. The proposed architecture also promotes intelligence information sharing with involved parties such as law enforcement authorities, ISPs and financial institutions. Our belief is that these functionalities will prove very useful to fight financial cybercrime.
A framework for financial botnet analysis / M. Riccardi, D. Oro, J. Luna, M. Cremonini, M. Vilanova - In: 2010 eCrime researchers summit : 18-20 october 2010, Dallas, TX : [proceedings]Piscataway : Institute of electrical and electronics engineers, 2010. - ISBN 9781424477609. - pp. 1-7 (( convegno eCrime Researchers Summit (eCrime) tenutosi a Dallas nel 2010 [10.1109/ecrime.2010.5706697].
A framework for financial botnet analysis
M. CremoniniPenultimo
;
2010
Abstract
Financial botnets, those specifically aimed at carrying out financial fraud, represent a well-known threat for banking institutions all around the globe. Unfortunately, these malicious networks are responsible for huge economic losses or for conducting money laundering operations. Contrary to DDoS and spam malware, the stealthy nature of financial botnets requires new techniques and novel research in order to detect, analyze and even to take them down. This paper presents a work-in-progress research aimed at creating a system able to mitigate the financial botnet problem. The proposed system is based on a novel architecture that has been validated by one of the biggest savings banks in Spain. Based on previous experiences with two of the proposed architecture building blocks -the Dorothy framework and a blacklist-based IP reputation system-, we show that it is feasible to map financial botnet networks and to provide a non-deterministic score to its associated zombies. The proposed architecture also promotes intelligence information sharing with involved parties such as law enforcement authorities, ISPs and financial institutions. Our belief is that these functionalities will prove very useful to fight financial cybercrime.File | Dimensione | Formato | |
---|---|---|---|
CREMONINI-A Framework For Financial Botnet Analysis.pdf
accesso aperto
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
1.16 MB
Formato
Adobe PDF
|
1.16 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.