Botnet Infiltration using Automatic Protocol Reverse-Engineering

Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering

Automatic protocol reverse-engineering is important for many security applications,including the analysis and defense against botnets.Understanding the command-and control (C&C) protocol used by a botnet is crucial for anticipating its repertoire of nefarious activity and to enable active botnet infiltration. Frequently, security analysts need to rewrite messages sent and received by a bot in order to contain malicious activity and to provide the botmaster with an illusion of successful and unhampered operation.

Download PDF