Winter 2008 ESCC/Internet2 Joint Techs Workshop

Uncovering Botnets with Lit IP Space Analysis

Time: 01/22/08 03:50PM-04:10PM

Session Abstract

Keeping pace with today's sophisticated botnets is no easy task. The Storm worm P2P botnet did not aggressively scan for new bot victims, and over 65% of bot malware is transmitted via the Web. Traditional techniques like darkspace honeypots, IPS signatures, and spam analysis are no longer effective at pinpointing bots, which evade these mechanisms, for example by hiding in Web traffic. Security analysis of active IP traffic (as opposed to sitting on dark IP space) enables botnet detection and tracking in real time.

This session will cover a new security analysis technique utilizing instrumented virtual machines that perform "lit IP space" analysis of Web and other network traffic for bots and targeted stealthy malware. For Internet2 organizations, the challenge will be balancing iron-clad security with a highly open and collaborative network. Using lit IP space network analysis and forensics, it is possible to detect the new generation of Web-based malware as well as preserve critical and contextual data surrounding a particular incident. In this presentation, Internet2 IT professionals will hear some experimental results on the scale of the threat to users on open networks, and learn how this new technology can protect against stealthy malware and botnet infiltration.


Speaker: Stuart Staniford, FireEye

Speaker: Ashar Aziz, FireEye
