State of the Art Botnet-Centric Honeynet Design

The problem of malware has escalated at a rate that security professionals and researchers have been unable to deal with. Attackers savage the information technology (IT) infrastructure of corporations and governments with impunity. Of particular significance is the rise of botnets within the past ten years. In response, honeypots and honeynets were developed to gain critical intelligence on attackers and ultimately to neutralize their threats. Unfortunately, the malware community has adapted, and strategies used in the early half of the decade have diminished significantly in their effectiveness. This thesis explores the design characteristics necessary to create a honeynet capable of reversing the current trend and defeating botnet countermeasures. This thesis finds that anti-virtual machine detection techniques along with appropriate failsafes are essential to analyze modern botnet binaries.