4MMSR-Network Security Seminar. Peer-to-Peer Botnets: Overview and Case Study

Size: px
Start display at page:

Download "4MMSR-Network Security Seminar. Peer-to-Peer Botnets: Overview and Case Study"

Transcription

1 4MMSR-Network Security Seminar Peer-to-Peer Botnets: Overview and Case Study Julian B. Grizzard, Vikram Sharma, Chris Nunnery, and Brent ByungHoon Kang, David Dagon USENIX,

2 Index Introduction Definitions Background and History Goals and Metrics Case Study: Trojan.Peacomm Counter Measures Hardness of the topic Questions Exchange References 2

3 Introduction Definitions bot botnet Architecture Typical botnet C&C modes: Centralized, Random, Distributed C&C communication protocols : (eg: HTTP,IRC,P2P,VoIP,Twitter ) Peer-to-peer(P2P) architecture 3

4 Architecture Peer-to-peer(P2P) Applications that rely on P2P network : PPLive, File sharing, Skype Botnets use P2P protocol : Agobot, Ainslot, Conficker, IBotnet 4

5 Background and History Timeline of Peer-to-Peer Protocols and Bots 5

6 Goals and Metrics Three primary goals of botnets Information dispersion spam, Denial-of-service attack Information harvesting identity data, credit card number Information processing crack passwords Formation and exploitation of botnets : Primary infection (through viruses or worms) Organize networks and secondary infection Receive and execute commands 6

7 Case Study: Trojan.Peacomm Experimental Setup virtual machine running Windows XP filtered connection with a firewall PerylEyez malware analysis tool was used to detect changes in the system 2 weeks 7

8 Case Study: Trojan.Peacomm Initial Bot main way to be infected: by OS: Windows: 95/98/ME/2000/NT/XP It adds system driver wincomm32.sys to the host Driver is injected into windows process services.exe Windows Firewall is disabled Open the ports TCP: 139,12474 UDP: 123,137,138,1034,1035,7871,8705,19013,40519 (137,138,139 for sharing) Initial Peer List is Hard-coded, this could be a central point-of failure(next slide) [peers] 1: <128 bit md4 hash>=<ip address><port><2 byte flag> wincom32.ini 2: <128 bit md4 hash>=<ip address><port><2 byte flag> N: <128 bit md4 hash>=<ip address><port><2 byte flag> 8

9 Case Study: Trojan.Peacomm Communication Protocol Protocol Summary Overnet, implementing Kademila 128-bit numeric space is used Values are mapped to numeric space with keys <key,value> pairs are stored in the nearest pair, computed by XOR function List of nodes are kept for each bucket in the numeric space (Permet de trouver le node en 0(logN)) Steps Connect to overnet Download secondary injection URL Decrypt the URL Download secondary injection Execute it 9

10 Case Study: Trojan.Peacomm Communication Protocol Overnet, (Algo: Kademila) distance ex: XOR =36 10

11 Case Study: Trojan.Peacomm Secondary Injection Types of secondary injection Downloader and rootkit component SMTP spamming component address harvester propagation component DDoS tool Can periodically update itself by searching through the P2P net 11

12 Case Study: Trojan.Peacomm Searching the Download URL(detailed) A search key is generated in the bot using an algorithm that Uses system date and a random number (0..31) So the botmaster needs to publish a new URL under 32 different keys on a particular day It searches for this key in its initial peer list If a match is found, a result is returned: The result hash is used as as decryption key, paired with another key is hardcoded in bot The body of the tag contains the encrypted URL 12

13 Case Study: Trojan.Peacomm Number of Remote IPv4 Addresses Contacted Over Time for Duration of Infection Slowing down(saturation) Because many peers are unreachable, or they are no longer in Overnet. Steep slope(initial connections) Start of infection 13

14 Counter Measures Develop botnet detection systems that keep advanced botnet designs into account. i.e. Focusing on behavior-based detection. never execute the.exe files that you don't know filter the junk s(for the companies) forbid some ports(ex: 123,137,138,1034) 14

15 Hardness of the topic Difficult to detect the botnet Botnet spreads at a rapid speed, difficult to kill all the botnet 15

16 Questions exchange Can you name other types of attacks related to botnet (gave an outline of it)? Do you have an idea for the methods of detecting peer-to-peer botnets? Counter-measures? 16

17 Thank you for your attention! 17

18 References Botnet construction, control and concealment Krogoth, Botnet: classification, attacks, detection, tracing, and preventive measures Jing Liu, Yang Xiao, Hongmei Deng, Jingyuan Zhang, Peer-to-peer botnets: overview and case study, Julian B. Grizzard, Vikram Sharma, Chris Nunnery, and Brent ByungHoon Kang, David Dagon - USENIX, 2007 BOTNETWIKI Wiki Botnet Wiki peer-to-peer Research and Development of Peer-to-Peer Botnets

(Im)possibility of Enumerating Zombies. Yongdae Kim (U of Minnesota - Twin Cities)

(Im)possibility of Enumerating Zombies. Yongdae Kim (U of Minnesota - Twin Cities) (Im)possibility of Enumerating Zombies Yongdae Kim (U of Minnesota - Twin Cities) From Gunter Ollmann at Damballa's blog Botnet and DDoS Botnets becoming the major tool for DDoS 5 million nodes Botnet

More information

Botnets: A Survey. Rangadurai Karthick R [CS10S009] Guide: Dr. B Ravindran

Botnets: A Survey. Rangadurai Karthick R [CS10S009] Guide: Dr. B Ravindran 08-08-2011 Guide: Dr. B Ravindran Outline 1 Introduction 2 3 4 5 6 2 Big Picture Recent Incidents Reasons for Study Internet Scenario Major Threats Flooding attacks Spamming Phishing Identity theft, etc.

More information

Traceback Attacks in Cloud Pebbletrace Botnet nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee

Traceback Attacks in Cloud Pebbletrace Botnet nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee Traceback Attacks in Cloud Pebbletrace Botnet 2012 32nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee Outline Introduction Key Identification Botnet attack in

More information

Multi-Stream Fused Model: A Novel Real-Time Botnet Detecting Model

Multi-Stream Fused Model: A Novel Real-Time Botnet Detecting Model Bonfring International Journal of Data Mining, Vol. 7, No. 2, May 2017 6 Multi-Stream Fused Model: A Novel Real-Time Botnet Detecting Model Jae Moon Lee and Thien Nguyen Phu Abstract--- In the current

More information

UTM 5000 WannaCry Technote

UTM 5000 WannaCry Technote UTM 5000 WannaCry Technote The news is full of reports of the massive ransomware infection caused by WannaCry. Although these security threats are pervasive, and ransomware has been around for a decade,

More information

Ethical Hacking and Prevention

Ethical Hacking and Prevention Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive

More information

Norman presentation. From Storm to Waledac. By Hans Christoffer Gaardløs Hansen virus analyst, Norman ASA

Norman presentation. From Storm to Waledac. By Hans Christoffer Gaardløs Hansen virus analyst, Norman ASA Norman presentation From Storm to Waledac By Hans Christoffer Gaardløs Hansen virus analyst, Norman ASA Storm first peer-to-peer botnet Old method IRC-server Specific chat-channels and run commandoes via

More information

A Comparative Analysis of the Resilience of Peer to Peer Botnets

A Comparative Analysis of the Resilience of Peer to Peer Botnets Master s Thesis A Comparative Analysis of the Resilience of Peer to Peer Botnets Dennis Andriesse Amsterdam, August 2012 VU University Amsterdam Advisors: Herbert Bos and Christian Rossow Abstract Botnets

More information

Storm Worm: A P2P Botnet

Storm Worm: A P2P Botnet Storm Worm: A P2P Botnet Nelly Marylise Mukamurenzi Master of Science in Communication Technology Submission date: February 2008 Supervisor: Svein Johan Knapskog, ITEM Co-supervisor: Andre Aarnes, Kripos

More information

DNS Security. Ch 1: The Importance of DNS Security. Updated

DNS Security. Ch 1: The Importance of DNS Security. Updated DNS Security Ch 1: The Importance of DNS Security Updated 8-21-17 DNS is Essential Without DNS, no one can use domain names like ccsf.edu Almost every Internet communication begins with a DNS resolution

More information

CS System Security Mid-Semester Review

CS System Security Mid-Semester Review CS 356 - System Security Mid-Semester Review Fall 2013 Mid-Term Exam Thursday, 9:30-10:45 you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This is to

More information

Sub-Botnet Cordination Using Tokens in a Switched Network

Sub-Botnet Cordination Using Tokens in a Switched Network Utah State University DigitalCommons@USU Space Dynamics Lab Publications Space Dynamics Lab 1-1-2008 Sub-Botnet Cordination Using Tokens in a Switched Network Brandon Shirley Chad D. Mano Follow this and

More information

(Botnets and Malware) The Zbot attack. Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth

(Botnets and Malware) The Zbot attack. Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth (Botnets and Malware) The Zbot attack Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth What Happened? Type of Attack Botnet - refers to group of compromised computers

More information

Graph-based Detection of Anomalous Network Traffic

Graph-based Detection of Anomalous Network Traffic Graph-based Detection of Anomalous Network Traffic Do Quoc Le Supervisor: Prof. James Won-Ki Hong Distributed Processing & Network Management Lab Division of IT Convergence Engineering POSTECH, Korea lequocdo@postech.ac.kr

More information

Journal of Chemical and Pharmaceutical Research, 2014, 6(7): Research Article

Journal of Chemical and Pharmaceutical Research, 2014, 6(7): Research Article Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):1055-1063 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 The novel approach of P2P Botnet Node-based detection

More information

Lecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422

Lecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse?

More information

An Eye on the Storm: Inside the Storm Epidemic. Josh Ballard Network Security Analyst Kansas State University

An Eye on the Storm: Inside the Storm Epidemic. Josh Ballard Network Security Analyst Kansas State University An Eye on the Storm: Inside the Storm Epidemic Josh Ballard Network Security Analyst Kansas State University bal@k-state.edu Contents The Headlines Peer-to-peer network So just how big is this thing? How

More information

The Waledac Protocol: The How and Why

The Waledac Protocol: The How and Why The Waledac Protocol: The How and Why Greg Sinclair idefense/ University of North Carolina at Charlotte gsinclair@idefense.com gssincla@uncc.edu Chris Nunnery University of North Carolina at Charlotte

More information

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified

More information

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking

More information

Protocol Layers, Security Sec: Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017

Protocol Layers, Security Sec: Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017 CSC 401 Data and Computer Communications Networks Protocol Layers, Security Sec:1.5-1.6 Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017 Outline Computer Networks and the Internet (Ch 1) 1.1

More information

Tumbling Down the Rabbit Hole:

Tumbling Down the Rabbit Hole: Tumbling Down the Rabbit Hole: Exploring the Idiosyncrasies of Botmaster Systems in a Multi-Tier Botnet Infrastructure Chris Nunnery Greg Sinclair Brent ByungHoon Kang [ University of North Carolina at

More information

Security activities in Japan towards the future standardization. Cybersecurity

Security activities in Japan towards the future standardization. Cybersecurity Security activities in Japan towards the future standardization Side Event Cybersecurity Koji NAKAO KDDI, Japan Content Current threats - Internet User in Japan - However, observation of many scans (by

More information

Cisco Stealthwatch. Internal Alarm IDs 7.0

Cisco Stealthwatch. Internal Alarm IDs 7.0 Cisco Stealthwatch Internal Alarm IDs 7.0 Stealthwatch Internal Alarm IDs Some previously used alarms are now obsolete and no longer listed in this file. 1 Host Lock Violation 5 SYN Flood 6 UDP Flood 7

More information

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

ETHICAL HACKING & COMPUTER FORENSIC SECURITY ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,

More information

Realtime C&C Zeus Packet Detection Based on RC4 Decryption of Packet Length Field

Realtime C&C Zeus Packet Detection Based on RC4 Decryption of Packet Length Field , pp.55-59 http://dx.doi.org/10.14257/astl.2014.64.14 Realtime C&C Zeus Packet Detection Based on RC4 Decryption of Packet Length Field ChulWoo Park 1, HyoSung Park 1, KiChang Kim 1 1 Information and Communication

More information

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES

More information

Dynamic Botnet Detection

Dynamic Botnet Detection Version 1.1 2006-06-13 Overview The widespread adoption of broadband Internet connections has enabled the birth of a new threat against both service providers and the subscribers they serve. Botnets vast

More information

MITICATION OF PEER TO PEER BASED BOTNET FOR BUILDING A BOTNET ATTACK

MITICATION OF PEER TO PEER BASED BOTNET FOR BUILDING A BOTNET ATTACK MITICATION OF PEER TO PEER BASED BOTNET FOR BUILDING A BOTNET ATTACK Kanimozhi.G, Santhiya.k, B.Tech[IT], B.Tech[IT], ACET, ACET, Kumbakonam, Kumbakonam, Kanigenesan96@gmail.com. Moorthisanthiya@gmail.com

More information

AN INTELLIGENT NETWORK TRAFFIC BASED BOTNET DETECTION SYSTEM

AN INTELLIGENT NETWORK TRAFFIC BASED BOTNET DETECTION SYSTEM AN INTELLIGENT NETWORK TRAFFIC BASED BOTNET DETECTION SYSTEM D.Gayatri 1, Ravi Kumar Routhu 2 1 Student, M.TECH, 2 Assistant Professor Department of CSE, MVGR College of Engineering ABSTRACT Networking

More information

Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng

Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:

More information

CS System Security 2nd-Half Semester Review

CS System Security 2nd-Half Semester Review CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This

More information

Seqrite Antivirus for Server

Seqrite Antivirus for Server Best server security with optimum performance. Product Highlights Easy installation, optimized antivirus scanning, and minimum resource utilization. Robust and interoperable technology makes it one of

More information

Security: Worms. Presenter: AJ Fink Nov. 4, 2004

Security: Worms. Presenter: AJ Fink Nov. 4, 2004 Security: Worms Presenter: AJ Fink Nov. 4, 2004 1 It s a War Out There 2 Analogy between Biological and Computational Mechanisms The spread of self-replicating program within computer systems is just like

More information

Endpoint Security - what-if analysis 1

Endpoint Security - what-if analysis 1 Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File

More information

Network Security Fundamentals

Network Security Fundamentals Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 5 Viruses & Worms, Botnets, Today s Threats Viruses

More information

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each. Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard

More information

A Taxonomy of Botnet Structures

A Taxonomy of Botnet Structures A Taxonomy of Botnet Structures Martin Lyckander martily 08/04/2016 About the paper David Dagon, Guofei Gu, Christopher P. Lee, Wenke Lee Georgia Institute of Technology Published in 2007 What is a botnet?

More information

Networks and Communications MS216 - Course Outline -

Networks and Communications MS216 - Course Outline - Networks and Communications MS216 - Course Outline - Objective Lecturer Times Overall Learning Outcomes Format Programme(s) The objective of this course is to develop in students an understanding of the

More information

Putting Trust Into The Network Securing Your Network Through Trusted Access Control

Putting Trust Into The Network Securing Your Network Through Trusted Access Control Putting Trust Into The Network Securing Your Network Through Trusted Access Control Steve Hanna, Juniper Networks Co-Chair, Trusted Network Connect Sub Group of Trusted Computing Group ACSAC December 2006

More information

Fighting the. Botnet Ecosystem. Renaud BIDOU. Page 1

Fighting the. Botnet Ecosystem. Renaud BIDOU. Page 1 Fighting the Botnet Ecosystem Renaud BIDOU Page 1 Bots, bots, bots Page 2 Botnet classification Internal Structure Command model Propagation mechanism 1. Monolithic Coherent, all features in one binary

More information

Exam Questions SY0-501

Exam Questions SY0-501 Exam Questions SY0-501 CompTIA Security+ https://www.2passeasy.com/dumps/sy0-501/ 1.. An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware

More information

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Data Communication. Chapter # 5: Networking Threats. By: William Stalling Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals

More information

Curso: Ethical Hacking and Countermeasures

Curso: Ethical Hacking and Countermeasures Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security

More information

SY0-501 Exam Questions Demo CompTIA. Exam Questions SY CompTIA Security+ Version:Demo

SY0-501 Exam Questions Demo   CompTIA. Exam Questions SY CompTIA Security+ Version:Demo CompTIA Exam Questions SY0-501 CompTIA Security+ Version:Demo 1.. An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which

More information

FloCon Netflow Collection and Analysis at a Tier 1 Internet Peering Point. San Diego, CA. Fred Stringer

FloCon Netflow Collection and Analysis at a Tier 1 Internet Peering Point. San Diego, CA. Fred Stringer 10 January 2017 FloCon 2017 San Diego, CA Netflow Collection and Analysis at a Tier 1 Internet Peering Point Fred Stringer AT&T Chief Security Organization Systems Engineer/Network Architect AT&T Intellectual

More information

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan

More information

Security and Authentication

Security and Authentication Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed

More information

P2P Botnet Detection Method Based on Data Flow. Wang Jiajia 1, a Chen Yu1,b

P2P Botnet Detection Method Based on Data Flow. Wang Jiajia 1, a Chen Yu1,b 2nd International Symposium on Advances in Electrical, Electronics and Computer Engineering (ISAEECE 2017) P2P Botnet Detection Method Based on Data Flow Wang Jiajia 1, a Chen Yu1,b 1 Taizhou Pylotechnic

More information

Detecting Malicious Hosts Using Traffic Flows

Detecting Malicious Hosts Using Traffic Flows Detecting Malicious Hosts Using Traffic Flows Miguel Pupo Correia joint work with Luís Sacramento NavTalks, Lisboa, June 2017 Motivation Approach Evaluation Conclusion Outline 2 1 Outline Motivation Approach

More information

Chapter 4: Networking and the Internet. Network Classifications. Network topologies. Network topologies (continued) Connecting Networks.

Chapter 4: Networking and the Internet. Network Classifications. Network topologies. Network topologies (continued) Connecting Networks. Chapter 4: Networking and the 4.1 Network Fundamentals 4.2 The 4.3 The World Wide Web 4.4 Protocols 4.5 Security Network Classifications Scope Local area network (LAN) Metropolitan area (MAN) Wide area

More information

Introduction to Security. Computer Networks Term A15

Introduction to Security. Computer Networks Term A15 Introduction to Security Computer Networks Term A15 Intro to Security Outline Network Security Malware Spyware, viruses, worms and trojan horses, botnets Denial of Service and Distributed DOS Attacks Packet

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) COURSE OVERVIEW: The most effective cybersecurity professionals are able to predict attacks before they happen. Training in Ethical Hacking provides professionals with the

More information

Quick Heal AntiVirus for Server. Optimized Antivirus Scanning. Low on Resources. Strong on Technology.

Quick Heal AntiVirus for Server. Optimized Antivirus Scanning. Low on Resources. Strong on Technology. Optimized Antivirus Scanning. Low on Resources. Strong on Technology. Product Highlights Quick Heal» Easy installation, optimized antivirus scanning, and minimum resource utilization.» Robust and interoperable

More information

Botnet Detection Using Honeypots. Kalaitzidakis Vasileios

Botnet Detection Using Honeypots. Kalaitzidakis Vasileios Botnet Detection Using Honeypots Kalaitzidakis Vasileios Athens, June 2009 What Is Botnet A Botnet is a large number of compromised computers, controlled by one or more Command-and-Control Servers, the

More information

Resources and Credits. Definition. Symptoms. Denial of Service 3/3/2010 COMP Information on Denial of Service attacks can

Resources and Credits. Definition. Symptoms. Denial of Service 3/3/2010 COMP Information on Denial of Service attacks can Resources and Credits Denial of Service COMP620 Information on Denial of Service attacks can be found on Wikipedia. Graphics and some text in these slides was taken from the Wikipedia site The textbook

More information

GTIC Monthly Threat Report June 2017

GTIC Monthly Threat Report June 2017 GTIC Monthly Threat Report June 2017 Trickbot mac1 Phishing Campaign Name GTIC Monthly Threat Report June 2017 Owner Classification Status NTT Security GTIC TICT Aaron Perkins UNCLASSIFIED-EXTERNAL APPROVED

More information

Course 831 Certified Ethical Hacker v9

Course 831 Certified Ethical Hacker v9 Course 831 Certified Ethical Hacker v9 Duration: 5 days What You Get: CEH v9 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class hours dedicated to

More information

Jianhui Zhang, Ph.D., Associate Prof. College of Computer Science and Technology, Hangzhou Dianzi Univ.

Jianhui Zhang, Ph.D., Associate Prof. College of Computer Science and Technology, Hangzhou Dianzi Univ. Jianhui Zhang, Ph.D., Associate Prof. College of Computer Science and Technology, Hangzhou Dianzi Univ. Email: jh_zhang@hdu.edu.cn Copyright 2015 Pearson Education, Inc. Chapter 4: Networking and the Internet

More information

Configuring Access Rules

Configuring Access Rules Configuring Access Rules Rules > Access Rules About Access Rules Displaying Access Rules Specifying Maximum Zone-to-Zone Access Rules Changing Priority of a Rule Adding Access Rules Editing an Access Rule

More information

Improved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis

Improved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis Improved C&C Traffic Detection Using Multidimensional Model and Elad Menahem Avidan Avraham Modern Threats Are More Sophisticated & Evasive CYBER KILL CHAIN: Infection Phase Post-Infection Recon Weaponization

More information

User s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved.

User s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved. User s Guide SingNet Desktop Security 2011 Copyright 2010 F-Secure Corporation. All rights reserved. Table of Contents 1. Getting Started... 1 1.1. Installing SingNet Desktop Security... 1 1.1.1. System

More information

INF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015

INF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015 INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3

More information

Botnets Behavioral Patterns in the Network

Botnets Behavioral Patterns in the Network Botnets Behavioral Patterns in the Network Garcia Sebastian @eldracote Hack.Lu 2014 CTU University, Czech Republic. UNICEN University, Argentina. October 23, 2014 How are we detecting malware and botnets?

More information

From the unexpected side:! SkyNET

From the unexpected side:! SkyNET From the unexpected side:! SkyNET Sven Dietrich Stevens Institute of Technology February 2012 Dagstuhl Seminar 12061: Network Attack Detection and Defense Early Warning Systems Challenges and Perspectives

More information

Configuring the Botnet Traffic Filter

Configuring the Botnet Traffic Filter CHAPTER 46 Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary

More information

Standard Categories for Incident Response (definitions) V2.1. Standard Categories for Incident Response Teams. Definitions V2.1.

Standard Categories for Incident Response (definitions) V2.1. Standard Categories for Incident Response Teams. Definitions V2.1. Standard Categories for Incident Response Teams Definitions V2.1 February 2018 Standard Categories for Incident Response (definitions) V2.1 1 Introduction This document outlines categories that Incident

More information

Défense In-Depth Security. Samson Oduor - Internet Solutions Kenya Watson Kamanga - Seacom

Défense In-Depth Security. Samson Oduor - Internet Solutions Kenya Watson Kamanga - Seacom Défense In-Depth Security Samson Oduor - Internet Solutions Kenya Watson Kamanga - Seacom Siku Njema! Good Day! 2 Defense In-depth Security Approach SECTION 1 Introductions SECTION 4 Case - Study SECTION

More information

Multi-phase IRC Botnet & Botnet Behavior Detection Model

Multi-phase IRC Botnet & Botnet Behavior Detection Model Software Verification and Validation Multi-phase IRC Botnet & Botnet Behavior Detection Model Aymen AlAwadi aymen@tmit.bme.hu Budapest university of technology and economics Department of Telecommunications

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

Chapter 4: Networking and the Internet. Figure 4.1 Network topologies. Network Classifications. Protocols. (continued)

Chapter 4: Networking and the Internet. Figure 4.1 Network topologies. Network Classifications. Protocols. (continued) Chapter 4: Networking and the Internet Computer Science: An Overview Eleventh Edition by J. Glenn Brookshear Chapter 4: Networking and the Internet 4.1 Network Fundamentals 4.2 The Internet 4.3 The World

More information

Chapter 4: Networking and the Internet

Chapter 4: Networking and the Internet Chapter 4: Networking and the Internet Computer Science: An Overview Eleventh Edition by J. Glenn Brookshear Copyright 2012 Pearson Education, Inc. Chapter 4: Networking and the Internet 4.1 Network Fundamentals

More information

Your Turn to Hack the OWASP Top 10!

Your Turn to Hack the OWASP Top 10! OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application

More information

Deliverable 4.1: Experimental Evaluation and Real-world Deployment

Deliverable 4.1: Experimental Evaluation and Real-world Deployment SCIENTIFIC and TECHNOLOGICAL COOPERATION between RTD ORGANISATIONS in GREECE and RTD ORGANISATIONS in U.S.A, CANADA, AUSTRALIA, NEW ZEALAND, JAPAN, SOUTH KOREA, TAIWAN, MALAISIA and SINGAPORE HELLENIC

More information

Building a hybrid experimental platform for mobile botnet research

Building a hybrid experimental platform for mobile botnet research Building a hybrid experimental platform for mobile botnet research Apostolos Malatras EC JRC, Institute for the Protection and Security of the Citizen apostolos.malatras@jrc.ec.europa.eu Laurent Beslay

More information

JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]

JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015] JPCERT-IR-2015-05 Issued: 2016-01-14 JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives

More information

Intelligent and Secure Network

Intelligent and Secure Network Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define

More information

INDEX. browser-hijacking adware programs, 29 brute-force spam, business, impact of spam, business issues, C

INDEX. browser-hijacking adware programs, 29 brute-force spam, business, impact of spam, business issues, C HausmanIndexFinal.qxd 9/2/05 9:24 AM Page 354 browser-hijacking adware programs, 29 brute-force spam, 271-272 business, impact of spam, 274-275 business issues, 49-51 C capacity, impact of security risks

More information

A REVIEW OF PEER-TO-PEER BOTNET DETECTION TECHNIQUES

A REVIEW OF PEER-TO-PEER BOTNET DETECTION TECHNIQUES Journal of Computer Science 10 (1): 169-177, 2014 ISSN: 1549-3636 2014 doi:10.3844/jcssp.2014.169.177 Published Online 10 (1) 2014 (http://www.thescipub.com/jcs.toc) A REVIEW OF PEER-TO-PEER BOTNET DETECTION

More information

Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet

Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet Rhiannon Weaver 1 Chris Nunnery 2 Gautam Singaraju 2 Brent ByungHoon Kang 3 1 CERT/SEI 2 University of North Carolina 3 George Mason

More information

Lecture 1: Buffer Overflows

Lecture 1: Buffer Overflows CS5431 Computer Security Practicum Spring 2017 January 27, 2017 1 Conficker Lecture 1: Buffer Overflows Instructor: Eleanor Birrell In November 2008, a new piece of malware was observed in the wild. This

More information

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac. Simple, fast and seamless protection for Mac. Product Highlights Fast and highly responsive Virus Protection. Browsing Protection and Phishing Protection to keep malicious websites at bay. Smooth email

More information

Feasibility study of scenario based self training material for incident response

Feasibility study of scenario based self training material for incident response 24th Annual FIRST Conference Feasibility study of scenario based self training material for incident response June 21, 2012 Hitachi Incident Response Team Chief Technology and Coordination Designer Masato

More information

Stealthwatch System v6.9.0 Internal Alarm IDs

Stealthwatch System v6.9.0 Internal Alarm IDs Stealthwatch System v6.9.0 Internal Alarm IDs Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE

More information

Chapter 6 Network and Internet Security and Privacy

Chapter 6 Network and Internet Security and Privacy Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal

More information

Lecture 12. Application Layer. Application Layer 1

Lecture 12. Application Layer. Application Layer 1 Lecture 12 Application Layer Application Layer 1 Agenda The Application Layer (continue) Web and HTTP HTTP Cookies Web Caches Simple Introduction to Network Security Various actions by network attackers

More information

Asst. Prof. Dept of CSE (UG),

Asst. Prof. Dept of CSE (UG), Volume 5, Issue 3, March 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Efficient Threshold

More information

Practical Assessment 0523

Practical Assessment 0523 Practical Assessment 0523 Build the environment 1. Installing two forest domain controllers for the root domain muduri.com. Role Name FQDN IP address OS Primary DC SDC01 Sdc01.muduri.com 192.168.31.1/24

More information

Towards Complete Node Enumeration in a Peer-to-Peer Botnet

Towards Complete Node Enumeration in a Peer-to-Peer Botnet Towards Complete Node Enumeration in a Peer-to-Peer Botnet Brent ByungHoon Kang 1, Eric Chan-Tin 2, Christopher P. Lee 3, James Tyra 2, Hun Jeong Kang 2, Chris Nunnery 1, Zachariah Wadler 1, Greg Sinclair

More information

CSEE 4119 Computer Networks. Chapter 1 Introduction (4/4) Introduction 1-1

CSEE 4119 Computer Networks. Chapter 1 Introduction (4/4) Introduction 1-1 CSEE 4119 Computer Networks Chapter 1 Introduction (4/4) Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge! end systems, access networks, links 1.3 Network core! circuit switching,

More information

Listening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect

Listening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect Listening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect Introduction Security has an increased focus from ALL businesses, whether they

More information

Elementary Computing CSC 100. M. Cheng, Computer Science

Elementary Computing CSC 100. M. Cheng, Computer Science Elementary Computing CSC 100 1 Internet (2) TCP/IP and IP Addresses Hostnames and Domain Name System Internet Services Client/Server and Peer- 2- Peer Applications SPAMs & Phishing, Worms, Viruses & Trojans

More information

The evolution of malevolence

The evolution of malevolence Detection of spam hosts and spam bots using network traffic modeling Anestis Karasaridis Willa K. Ehrlich, Danielle Liu, David Hoeflin 4/27/2010. All rights reserved. AT&T and the AT&T logo are trademarks

More information

CERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES

CERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES CERT-In Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES Department of Information Technology Ministry of Communications and Information Technology Government of India Anti Virus

More information

BotDigger: A Fuzzy Inference System for Botnet Detection

BotDigger: A Fuzzy Inference System for Botnet Detection The Fifth International Conference on Internet Monitoring and Protection BotDigger: A Fuzzy Inference System for Botnet Detection Basheer Al-Duwairi Network Engineering and Security Department Jordan University

More information

Stochastic Blockmodels as an unsupervised approach to detect botnet infected clusters in networked data

Stochastic Blockmodels as an unsupervised approach to detect botnet infected clusters in networked data Stochastic Blockmodels as an unsupervised approach to detect botnet infected clusters in networked data Mark Patrick Roeling & Geoff Nicholls Department of Statistics University of Oxford Data Science

More information

Citation for published version (APA): Stevanovic, M., & Pedersen, J. M. (2013). Machine learning for identifying botnet network traffic.

Citation for published version (APA): Stevanovic, M., & Pedersen, J. M. (2013). Machine learning for identifying botnet network traffic. Aalborg Universitet Machine learning for identifying botnet network traffic Stevanovic, Matija; Pedersen, Jens Myrup Publication date: 2013 Document Version Accepted author manuscript, peer reviewed version

More information

Use Cases. E-Commerce. Enterprise

Use Cases. E-Commerce. Enterprise Use Cases E-Commerce Enterprise INTRODUCTION This document provides a selection of customer use cases applicable for the e-commerce sector. Each use case describes an individual challenge faced by e-commerce

More information

IxLoad-Attack TM : Network Security Testing

IxLoad-Attack TM : Network Security Testing IxLoad-Attack TM : Network Security Testing IxLoad-Attack tests network security appliances to validate that they effectively and accurately block attacks while delivering high end-user quality of experience

More information