Botnets: A Survey. Rangadurai Karthick R [CS10S009] Guide: Dr. B Ravindran

Outline
1. Introduction

Internet Scenario
Major threats:
- Flooding attacks
- Spamming
- Phishing
- Identity theft, etc.
How is it all possible? By owning a million computers.

Notable Attacks
- South Korean Government websites
- Wordpress.com
- Estonian Government websites
- Yahoo, eBay
- Network security firms

Why is this problem hard?
Key issues:
- Co-ordinated control
  - CnC channels
- Detection methods available
  - Specific to attack types
  - Working of bots varies
- Infection vector
  - Wide array of mechanisms to infect a machine

Key Words
- Bot: Infected host, can be remotely controlled.
- Botnet: Network of bots.
- Botmaster: Attacker who controls bots remotely.
- CnC: Command and Control.
- IRC: Internet Relay Chat.
- P2P: Peer-to-Peer Communication.

General Working
Uses of CnC: major uses of CnC channels for a botmaster
- Rendezvous for bots
- Give commands to bots
- Updates to bot software
Types of CnC
- Centralized CnC
- P2P CnC

Types
Centralized
- Major protocol used: IRC
- Easy to control and co-ordinate
- Single point of failure
P2P
- Distributed servers instead of one
- Highly resilient
- Command latency is high

Modus Operandi
[Figure: Botnet. Labels: CnC servers, bot binaries, infected hosts, Internet, DNS lookup, vulnerable machine.]

Communicating with bots
BotMiner [3]
- Argument: Bots belonging to the same botnet behave similarly
- Approach: Monitor network traffic from two different views
  - Activity Plane: who is doing what
  - Communication Plane: who is talking to whom
- Cluster entities which behave abnormally in both planes
Other approaches
- BotHunter [4]
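
The two-plane idea on the BotMiner slide above, as an added Python sketch for defenders; it is not code from the slides or from the BotMiner authors. The flow and alert records are constructed, and the log-scale bucketing, the Jaccard-style overlap score and the 0.5 threshold are assumptions standing in for BotMiner's own clustering.

```python
from collections import defaultdict
from itertools import product

# Constructed sample data (RFC 5737 / private addresses), not from the slides.
# Communication plane: (src_host, dst_ip, dst_port, flows_per_hour, mean_bytes_per_flow)
C_FLOWS = [
    ("10.0.0.11", "203.0.113.7", 6667, 12, 180),
    ("10.0.0.12", "203.0.113.7", 6667, 12, 175),
    ("10.0.0.13", "203.0.113.7", 6667, 11, 190),
    ("10.0.0.21", "198.51.100.20", 443, 40, 5200),
    ("10.0.0.22", "198.51.100.20", 443, 3, 90000),
    ("10.0.0.23", "203.0.113.7", 6667, 1, 2400),   # same server, different traffic profile
]
# Activity plane: (src_host, activity_type) as an IDS might report it.
A_EVENTS = [
    ("10.0.0.11", "scan"), ("10.0.0.12", "scan"), ("10.0.0.13", "scan"),
    ("10.0.0.11", "spam"), ("10.0.0.12", "spam"),
    ("10.0.0.22", "scan"),                          # scans, but talks like nobody else
]


def c_plane_clusters(flows, min_size=2):
    """Communication plane: who is talking to whom, and how.

    Hosts fall in one cluster when they contact the same destination with a
    similar flow rate and flow size. Similarity here is 'same power-of-two
    bucket' (int.bit_length), an assumed stand-in for real clustering.
    """
    groups = defaultdict(set)
    for src, dst, port, flows_per_hour, bytes_per_flow in flows:
        key = (dst, port, flows_per_hour.bit_length(), bytes_per_flow.bit_length())
        groups[key].add(src)
    return [hosts for hosts in groups.values() if len(hosts) >= min_size]


def a_plane_clusters(events, min_size=2):
    """Activity plane: who is doing what. One cluster per activity type."""
    groups = defaultdict(set)
    for src, activity in events:
        groups[activity].add(src)
    return [hosts for hosts in groups.values() if len(hosts) >= min_size]


def cross_plane_scores(a_clusters, c_clusters):
    """Score hosts that sit in both an activity cluster and a communication cluster.

    Each (A, C) pair sharing at least two hosts adds |A & C| / |A | C| to
    every shared host, so a host acting alone in either plane scores nothing.
    """
    scores = defaultdict(float)
    for a, c in product(a_clusters, c_clusters):
        shared = a & c
        if len(shared) < 2:
            continue
        overlap = len(shared) / len(a | c)
        for host in shared:
            scores[host] += overlap
    return dict(scores)


def suspected_bots(flows, events, threshold=0.5):
    """Return hosts whose cross-plane score reaches the (assumed) threshold."""
    scores = cross_plane_scores(a_plane_clusters(events), c_plane_clusters(flows))
    return sorted(host for host, score in scores.items() if score >= threshold)


if __name__ == "__main__":
    for host in suspected_bots(C_FLOWS, A_EVENTS):
        print("correlated in both planes:", host)
```

The lone scanner (10.0.0.22) and the host with a different traffic profile to the same server (10.0.0.23) are not reported, because each stands out in only one plane.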

IRC based bots
IRC nick name [1]
- Argument: IRC nicks used by bots follow a regular pattern
IRC traffic [6]
- Two step approach
  1. Separate IRC traffic from other traffic
  2. Separate bot IRC traffic from normal IRC traffic

P2P bots
Challenges [5, 2]
- Loosely coupled nature of P2P protocols
- P2P networks are harder to monitor and shut down
- Botmasters can write custom protocols for CnC
  - Can have encrypted communication channels
  - Need not follow standard communication behavior

Honeypots & Honeynets [7]
Uses and Working
- To gain insight into bot malware
- Vulnerable system left open for attackers to exploit
- Two types
  - Low Interaction Honeypots
  - High Interaction Honeypots

References
[1] Jan Goebel and Thorsten Holz. Rishi: Identify bot contaminated hosts by IRC nickname evaluation. USENIX Security Symposium.
[2] J.B. Grizzard, V. Sharma, C. Nunnery, B.B.H. Kang, and D. Dagon. Peer-to-peer botnets: Overview and case study. In Proceedings of the first conference on First Workshop on Hot Topics in Understanding, pages 1-8. USENIX Association.
[3] G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In Proceedings of the 17th conference on Security symposium. USENIX Association, 2008.
[4] G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting malware infection through IDS-driven dialog correlation. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium. USENIX Association.
[5] Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, and Felix C. Freiling. Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm Worm. In Networked Systems Design and Implementation.
[6] W. Lu, M. Tavallaee, and A.A. Ghorbani. Automatic discovery of botnet communities on large-scale communication networks. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security. ACM.
[7] Niels Provos. A virtual honeypot framework. In USENIX Security Symposium, pages 1-14, 2004.

Thank You!