Protecting web 2.0 services from botnet exploitations

Vo, Nguyen H. & Pieprzyk, Josef (2010) Protecting web 2.0 services from botnet exploitations. In O'Conner, Lisa (Ed.) Proceedings of the Second Cybercrime and Trustworthy Computing Workshop, IEEE, Ballarat, Victoria, Australia, pp. 18-28.


Recently, the botnet, a network of compromised computers, has been recognized as the biggest threat to the Internet. The bots in a botnet communicate with the botnet owner via a communication channel called the Command and Control (C & C) channel. There are three main C & C channels: Internet Relay Chat (IRC), Peer-to-Peer (P2P) and web-based protocols. By exploiting the flexibility of Web 2.0 technology, the web-based botnet has reached a new level of sophistication. In August 2009, such a botnet was found on Twitter, one of the most popular Web 2.0 services. In this paper, we will describe a new type of botnet that uses a Web 2.0 service as a C & C channel and as temporary storage for its stolen information. We will then propose a novel approach to thwart this type of attack. Our method applies a unique identifier of the computer, an encryption algorithm with session keys and a CAPTCHA verification.

Impact and interest:

2 citations in Scopus

ID Code: 70115
Item Type: Conference Paper
Refereed: Yes
Keywords: Botnet, Web 2.0, Trojan 2.0, API, MAC address, Communication channel, CAPTCHA
DOI: 10.1109/CTC.2010.10
ISBN: 978-0-7695-4186-0
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright © 2010 by The Institute of Electrical and Electronics Engineers, Inc.
Copyright Statement: All rights reserved. Copyright and Reprint Permissions: Abstracting is permitted with credit to the source. Libraries may photocopy beyond the limits of US copyright law, for private use of patrons, those articles in this volume that carry a code at the bottom of the first page, provided that the per-copy fee indicated in the code is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923. Other copying, reprint, or republication requests should be addressed to: IEEE Copyrights Manager, IEEE Service Center, 445 Hoes Lane, P.O. Box 133, Piscataway, NJ 08855-1331.
Deposited On: 13 Apr 2014 23:22
Last Modified: 28 Apr 2014 05:16
