Description of the remaining publicly available datasets is given in Table 5.1. The Conficker P2P botnet dataset contains data from the UCSD Network Telescope for three days between November 2008 and January 2009. The first day, 21st November 2008 data, covers the onset of the Conficker A infection. On the second day, 21st December 2008, only Conficker A was active and during the third day both Conficker A and B were active. This dataset contains 68 compressed pcap files each containing one hour of traces. The total size of the dataset is 69 GB. The dataset from university of Georgia consists of ZeroAccess and Skynet botnet traces. The ZeroAccess is one of the most prominent P2P botnet in the recent years. The main operations of ZeroAccess
…show more content…
The Kazy botnet is a variant of ZeroAccess botnet. Medfos is a fairly new adware botnet family, but it is continuously gaining big detection numbers around the world, especially in the United States. The initial Win32/Medfos infection is usually a downloader component that is distributed in different ways; like by visiting a compromised website that redirects to an exploit or by existing malware that downloads it to the already infected machine. Kelihos is a botnet which utilizes P2P communication to maintain its C&C structure. This botnet is mainly involved in Bitcoin mining and spamming. The Win32/Sogou is a dangerous Trojan Downloader that invades the windows based PCs without getting permission from the user. This malicious application spreads through social media websites and can destroy a computer in a way that it becomes useless permanently. This tricky Trojan application is developed by the hackers to get remote access of the data and system folders in computer. Dalhousie University dataset contains both botnet and benign traces. The Citadel botnet is very similar to Zeus botnet. It is designed to steal personal information used in financial transactions and perform DDoS attacks. Alexa benign traffic includes domain name lists which are used to avoid the possibility of representing old botnet behavior when old binaries are used. The dataset from the Centro University, Argentina
The Kazy botnet is a variant of ZeroAccess botnet. Medfos is a fairly new adware botnet family, but it is continuously gaining big detection numbers around the world, especially in the United States. The initial Win32/Medfos infection is usually a downloader component that is distributed in different ways; like by visiting a compromised website that redirects to an exploit or by existing malware that downloads it to the already infected machine. Kelihos is a botnet which utilizes P2P communication to maintain its C&C structure. This botnet is mainly involved in Bitcoin mining and spamming. The Win32/Sogou is a dangerous Trojan Downloader that invades the windows based PCs without getting permission from the user. This malicious application spreads through social media websites and can destroy a computer in a way that it becomes useless permanently. This tricky Trojan application is developed by the hackers to get remote access of the data and system folders in computer. Dalhousie University dataset contains both botnet and benign traces. The Citadel botnet is very similar to Zeus botnet. It is designed to steal personal information used in financial transactions and perform DDoS attacks. Alexa benign traffic includes domain name lists which are used to avoid the possibility of representing old botnet behavior when old binaries are used. The dataset from the Centro University, Argentina