Research Labs

The World Wide Web gains more and more popularity within China with more than 1.31 million websites on the Chinese Web in June 2007. Driven by the economic profits, cyber criminals are on the rise and use the Web to exploit innocent users. In fact, a real underground black market with thousand of participants has developed which brings together malicious users who trade exploits, malware, virtual assets, stolen credentials, and more.

In this paper, the author(s) provides a detailed overview of this underground black market and present a model to describe the market. They substantiate they're model with the help of measurement results within the Chinese Web. First, they show that the amount of virtual assets traded on this underground market is huge. Second, they're research proofs that a significant amount of websites within China's part of the Web are malicious: they're measurements reveal that about 1.49% of the examined sites contain some kind of malicious content.

  www-china-TR.pdf (464.39kB)

Botnets, networks of compromised machines that can be remotely controlled by an attacker, are one of the most common attack platforms nowadays. They can, for example, be used to launch distributed denial-of-service (DDoS) attacks, steal sensitive information, or send spam emails. A long-term measurement study of botnet activities is useful as a basis for further research on global botnet mitigation and disruption techniques. The author(s) have built a distributed and fully-automated botnet measurement system which allows us to collect data on the botnet activity they observe in China. Based on the analysis of tracking records of 3,290 IRC-based botnets during a period of almost twelve months, this paper presents several novel results of botnet activities which can only be measured via long-term measurements. These include. amongst others, botnet lifetime, botnet discovery trends and distributions, command and control channel distributions, botnet size and end-host distributions. Furthermore, they're measurements confirm and extend several previous results from this area.

They're results show that the botnet problem is of global scale, with a scattered distribution of the control infrastructure and also a scattered distribution of the victims. Furthermore, the control infrastructure itself is rather flexible, with an average lifetime of a Command & Control server of about 54 days. These results can also leverage research in the area of botnet detection, mitigation, and disruption: only by understanding the problem in detail, we can develop efficient counter measures.

  botnet-china-TR.pdf (321.8kB)

There are some places in the world where life is dangerous. Internet has some dark zones too and RBN is one of them. RBN stands for Russian Business Network and it’s a nebulous organisation which aims to fulfil cyber crime.

This study aims to provide some enlightenment on RBN activities and tries to detail how they  work. Indeed RBN has many constituents and it’s hard to have an exact idea on the goal of some of them and the way they’re linked with other constituents.
There are some countermeasures available but they don't make sense for home users or even companies. Only ISPs, IXPs and internet regulators can help mitigating risks originating from RBN and other malicious groups.

  RBN_study.pdf (1.45MB)

Welcome to Research Labs - The research facility that specializes in online research in various computing related fields like security, privacy and programming.

This site is currently optimized for Firefox. Due to reorganisation, we don't accept new members at this time.