Spring 2008 Internet2 Member Meeting

Scaling Security Analysis vs. Next-Gen Botnet Malware Using VM-Based Analysis

Time: 04/22/08 04:30PM-05:30PM

Session Abstract

There are many security tools and devices already deployed in our IT infrastructure. Some are a little more helpful in fighting botnets than others. However, they can all make a difference in our war against botnets if they are adequately equipped with good actionable intelligence. I will describe a set of botnet intelligence that is useful for controlling a botnet throughout its life cycle, from initial infection to bot installation and botnet activities. I will explain four requirements on the quality of botnet intelligence: available, timely, accurate, and complete. Then, I will present a system solution that detects botnet infection/installation events using a VM-based method, extracts further intelligence from the VM instrumentation, and qualifies and shares the intelligence across a global network of deployments. Example pcaps and intelligence data will be shown at the end.


Speaker: Fengmin Gong, FireEye

Moderator: Joe St Sauver, Internet2/University of Oregon

Speaker: Nick Feamster, Georgia Institute of Technology

Secondary tracks: System and Network Security for Advanced Networks
