A Taxonomy of Botnet Structures
1 A Taxonomy of Botnet Structures
- Martin Lyckander
- martily
- 08/04/2016

2 About the paper
- David Dagon, Guofei Gu, Christopher P. Lee, Wenke Lee
- Georgia Institute of Technology
- Published in 2007

3 What is a botnet?
- Hosts under control of a third party
- Infection vectors vary
- Can be self-propagating
- Different means of communication in different botnets
- Various capabilities:
  - Spam
  - DDoS
  - Keylogging / Data exfiltration
  - Scanning/Bruteforce
  - Clickfraud
- Two categories of reasons when a bot leaves the botnet:
  - Random failures
  - Targeted responses
- Botnet topology can be seen as a network graph

4 The botmaster

5 The need for a taxonomy
- Botnets are diverse
- Size may vary greatly
- Threat of a botnet is not only about number of infected hosts
  - High speed internet vs ADSL
  - Uptime of nodes in the botnet
- Determine the potential of the botnet analysed

6 Purpose of a taxonomy
- (a) assist the defender in identifying possible types of botnets
- (b) describe key properties of botnet classes, so researchers may focus their efforts on beneficial response technologies.
- One method to take down one type of botnet is not necessarily as effective on other types

7 Metrics
- Effectiveness
- Robustness
- Efficiency

8 Effectiveness
- Measure of overall utility to the botmaster
- Size (the giant component, S) and bandwidth
- The giant component is the largest online/connected portion of bots reachable by the botmaster
- In a DDoS: largest amount of bots that can receive and execute commands
- Botnets are diurnal - affects available bandwidth
- Often related to link speed
  - This is probably a lesser factor today in some parts of the world than when the paper was written
- Home-routers in botnets: spike -malware
- In the future: IoT, cellphones

9 Effectiveness cont.
- Available average bandwidth from a bot: B
- Complex problem for a single link - for botnets, even harder
- B is the average cumulative bandwidth available to the botmaster under ideal circumstances
- The paper classifies bots based on link speed
  - Modem (type 1)
  - DSL/cable (type 2)
  - High speed internet (type 3)
- The chance of a bot belonging to a group is P, M = max network bandwidth, A = network bandwidth, W = probability of a bot being online

10 Efficiency
- Communication in the botnet - C&C messages, updates or data exfiltration
- Network diameter
  - The geodesic length between nodes
- Degrees of separation
  - Six degrees of separation - l = 6
- The inverse, l-inv, is used in the taxonomy
- Average length of the shortest edge connecting two nodes
- If l-inverse is small, the communication can be classified as slow.
  - l-inv = 0, no connection
  - l-inv = 1, fully connected
- d(v,w) = distance between node v and w

11 Efficiency cont.
- Distance is not the physical connections between the nodes
- One physical jump (LAN) between nodes could be several jumps in the botnet
- Topology defined by the botmaster
- The ideal network diameter is l-inv = 1

12 Robustness
- The network diameter (l-inverse) is also relevant for robustness
- High connectivity between bots means high fault-tolerance
- Bots are added and removed from the botnet constantly
- Instead of only using the network diameter, local transitivity can be used to measure redundancy
- Given three nodes, u, w, v, with the existing pairs {u, w} and {u, v}, local transitivity measures the likelihood of u and v also being connected
- Clustering coefficient - average degree of local transitivity: γ (gamma)
- Ev is the number of edges around node v. Kv is the number of nodes around node v

13 Robustness cont.
- The three nodes u, v, w form a triad
- γ measures the number of triads divided by the maximal number of triads
- γ = 1 means that the botnet topology is a complete mesh
- Local transitivity is important for some types of botnets
  - Warez
  - Key-/password-cracking
  - Bruteforcing

14 Botnet network models

15 Erdős Rényi Random Graph Models
- Botnet structured as a random graph
- Equal probability N-1 that one node is connected to another
- This means that a bot must know the address of all other bots to potentially create an edge
- Botmasters limit the maximum number of connections for their hosts
- Random graphs require some central logging of nodes in the network
- The first bot in a chain does not get information about subsequent infections
- Easy to discover infections for honeypot operators
- A challenge for botnets distributed through scanning/spam
- The first in the infection chain does not know of subsequent infections
- Scanning for active bots is a possibility

16 Erdős Rényi Random Graph Models

17 Watts-Strogatz Small World Models
- Network is created in a ring
- Each node has a probability of being connected to nodes on the opposite side of the ring
- During spreading in a self-propagating botnet:
  - A new infection can receive a list of previously infected victims
  - When the infected host then passes along the list of victims to new infections it appends its own address
  - Typically limited number of addresses in list to hinder security researchers

18 Barabási-Albert Scale Free Model
- Highly connected central nodes, hubs
- Leaf nodes have fewer connections
- IRC based botnets
- Very vulnerable to targeted responses by researchers
  - Taking down the central hubs, e.g. the IRC servers used

19 P2P models
- Structured and unstructured topologies
- The unstructured P2P botnets tend to have similar link distributions as the scale free botnets
  - Some nodes have a much larger peer list than others
- Distributed hash table (DHT)
- Structured botnets are more similar to random networks, as each bot in the botnet is connected to approximately the same amount of other bots
- Kazaa/Gnutella

20 Response strategies
- The response strategies proposed are based on previous research, and an empirical study on two different botnets in January 2006
- Previously known: Targeting C&C infrastructure is efficient!

21 Random graph and P2P models
- Empirical studies have shown a median node degree k = 5,5
- Network diameter is logarithmically increasing with values for k, but this is only for larger values of k. Realistic values show a linear growth
- Giant (S), number of reachable hosts for the botmaster
- Local transitivity (γ) is also logarithmically increasing, but not for realistic values of k

22 Random graph and P2P models - loss of nodes
- Targeted responses and random failures have the same effect
  - Low impact!
- P2P networks often have a k equal to log N where N is the size of the botnet
  - Therefore slightly more resilient than random graph
- Loss of nodes is constant in the three metrics
- Random graph and P2P botnets are very resilient
- Remediation techniques
  - Remove a large number of nodes at once
  - Targeted responses: Address list poisoning, P2P index poisoning

23 Watts-Strogatz model
- Research shows some botnets using this model
- Low utility to the botmaster
- The average degree in a small world model is equal to the number of edges each vertex has
- Constant decay of all metrics as nodes are removed
- Other advantages
  - Stealthy propagation
  - Anonymity
- In other domains researchers state that small world model is essentially a random graph

24 Scale free and structured P2P models
- Targeted responses are highly effective
- The core size, C, is the number of bots which function as hubs
  - Distributing commands
- 5k botnet
- Adding a large amount of cores does not affect network diameter
- γ measures the number of triads
- Dip in the graph is caused by core nodes forming squares, while triads are measured locally
- Upon adding more cores, transitivity grows as core nodes also form triads

25 Transitivity loss in scale free
- The botmaster wishes to avoid transitivity
- A low amount of core nodes makes the botnet vulnerable to takedowns
- By increasing number of links for leaf nodes, the dip is lower
- A high link count makes bots vulnerable to anomaly detection (e.g. netflow analysis)
- Changes in transitivity vs core size

26 Scale free targeted responses and random loss
- Centralizing information makes the network vulnerable
- Targeted responses are highly effective

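The three metrics from slides 7-13 (S, l-inv, γ) and the random-versus-targeted comparison from slides 20-26, as an added example that is not from the slides or the paper. It assumes the standard network-science definitions for l-inv and γ (the slides' own formulas did not survive transcription); the function names, graph sizes and seed are constructed for illustration.

```python
import random
from collections import deque


def giant_component(adj):
    """S: size of the largest connected set of nodes."""
    seen, best = set(), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            v = queue.popleft()
            size += 1
            for w in adj[v] - seen:
                seen.add(w)
                queue.append(w)
        best = max(best, size)
    return best


def inverse_geodesic(adj):
    """l-inv: mean of 1/d(v,w) over ordered node pairs; unreachable pairs add 0."""
    n, total = len(adj), 0.0
    for src in adj:
        dist, queue = {src: 0}, deque([src])
        while queue:  # breadth-first search gives shortest hop counts
            v = queue.popleft()
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    total += 1.0 / dist[w]
                    queue.append(w)
    return total / (n * (n - 1)) if n > 1 else 0.0


def clustering(adj):
    """gamma: mean over nodes of E_v / (K_v (K_v - 1) / 2); 0 when K_v < 2."""
    total = 0.0
    for nbrs in adj.values():
        k = len(nbrs)
        if k >= 2:
            e_v = sum(len(adj[a] & nbrs) for a in nbrs) / 2  # links among neighbours
            total += e_v / (k * (k - 1) / 2)
    return total / len(adj) if adj else 0.0


def remove_nodes(adj, victims):
    """Model a cleanup or takedown: drop the nodes and every link touching them."""
    victims = set(victims)
    return {v: nbrs - victims for v, nbrs in adj.items() if v not in victims}


def highest_degree(adj, count):
    """Targeted response: select the best-connected nodes (hubs) first."""
    return sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:count]


def erdos_renyi(n, p, rng):
    """Random graph: every pair of nodes is linked with the same probability p."""
    adj = {v: set() for v in range(n)}
    for v in range(n):
        for w in range(v + 1, n):
            if rng.random() < p:
                adj[v].add(w)
                adj[w].add(v)
    return adj


def barabasi_albert(n, m, rng):
    """Scale free: each new node links to m existing nodes, favouring high degree."""
    adj = {v: set(range(m + 1)) - {v} for v in range(m + 1)}  # small seed clique
    stubs = [v for v in adj for _ in adj[v]]  # each node listed once per link
    for v in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(stubs))
        adj[v] = targets
        for w in targets:
            adj[w].add(v)
            stubs += [v, w]
    return adj


def metrics(adj):
    """(S, l-inv, gamma); after a removal, averages run over surviving nodes."""
    return giant_component(adj), inverse_geodesic(adj), clustering(adj)


def compare_responses(adj, count, rng):
    """Metrics before removal, after random loss, and after targeted removal."""
    random_loss = remove_nodes(adj, rng.sample(sorted(adj), count))
    targeted = remove_nodes(adj, highest_degree(adj, count))
    return {"baseline": metrics(adj), "random": metrics(random_loss),
            "targeted": metrics(targeted)}


if __name__ == "__main__":
    rng = random.Random(2007)  # fixed seed so the constructed graphs are repeatable
    models = {  # constructed sample graphs, 400 nodes each
        "random graph": erdos_renyi(400, 5.5 / 399, rng),
        "scale free": barabasi_albert(400, 3, rng),
    }
    for name, adj in models.items():
        for label, (s, l_inv, gamma) in compare_responses(adj, 40, rng).items():
            print(f"{name:12} {label:8} S={s:3d} l-inv={l_inv:.3f} gamma={gamma:.3f}")
```

Running the script prints one row per model and response type, so the change in each metric after losing 10% of the nodes can be read side by side.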
27 Case study: Nugache botnet
- Uses the WASTE file sharing protocol
- Hard-coded IP addresses to retrieve a list of initial peers
- Continues to connect to and discover new peers
- Spread through P2P, resulting mesh is a scale free network
- Low link count for each leaf node
- Link count in Nugache leaf nodes

28 Takedown of the ZeroAccess botnet (Not covered in the paper)
- Clickfraud, search-hijacking
- P2P based
  - New peers were pushed to all bots using a broadcast mechanism
  - Unstructured
- Cost online advertisers $2,7 million each month
- More than 2 million infected hosts, 800k active each day
- Takedown in 2013 by Microsoft, Europol and FBI
  - Sinkholed 18 IP addresses, 49 domains
  - Targeted the mechanism to broadcast new configurations/updates to newly infected bots
  - P2P layer was still intact, botnet masters still making money
- Botnet still alive today, but at limited capacity

29 Empirical study: Available bandwidth in botnets
- Botnet 1: 50,000 unique members, sample size of 7,326
  - Measured in January 2005
- Botnet 2: 48,000 unique members, sample size of 3,391
  - Measured in January 2006

30 Bandwidth in botnets cont.
- Taking diurnal activity into account, with [2, 4, 24] for each class of bots
- Botnet 1 has a DDoS capability of ~1 Gbps
- 2,000 fewer members in botnet 2, but only half the DDoS capability
- Could potentially be used to determine which botnet to target in takedowns
- Targeted responses against high speed bots can be very impactful

                               Botnet 1    Botnet 2
Average available bandwidth    ~53 Kbps    ~39 Kbps
Accounted for diurnal          ~22 Kbps    ~14 Kbps

31 Summary
- Proposed metrics to measure botnets' utility to the botmaster
- Structured P2P botnets and random graph botnets are resilient to both targeted and random responses
- Targeted responses are effective on scale free botnets

32 Questions?

33 Further reading
- Paper published in 2013 about resilience of different P2P botnets
- P2PWNED - Modeling and Evaluating the Resilience of Peer-to-Peer Botnets
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationConfiguring BGP. Cisco s BGP Implementation
Configuring BGP This chapter describes how to configure Border Gateway Protocol (BGP). For a complete description of the BGP commands in this chapter, refer to the BGP s chapter of the Network Protocols
More informationModule 16: Distributed System Structures
Chapter 16: Distributed System Structures Module 16: Distributed System Structures Motivation Types of Network-Based Operating Systems Network Structure Network Topology Communication Structure Communication
More informationFailure in Complex Social Networks
Journal of Mathematical Sociology, 33:64 68, 2009 Copyright # Taylor & Francis Group, LLC ISSN: 0022-250X print/1545-5874 online DOI: 10.1080/00222500802536988 Failure in Complex Social Networks Damon
More informationSignal Processing for Big Data
Signal Processing for Big Data Sergio Barbarossa 1 Summary 1. Networks 2.Algebraic graph theory 3. Random graph models 4. OperaGons on graphs 2 Networks The simplest way to represent the interaction between
More informationNorman presentation. From Storm to Waledac. By Hans Christoffer Gaardløs Hansen virus analyst, Norman ASA
Norman presentation From Storm to Waledac By Hans Christoffer Gaardløs Hansen virus analyst, Norman ASA Storm first peer-to-peer botnet Old method IRC-server Specific chat-channels and run commandoes via
More informationIoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense
IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense DDoS Attacks Increasing in Size, Frequency & Complexity Arbor Networks WISR XII Largest attack
More information!!!!!!!!!!!!!!!!!!!!!!!!!!!"!#$%%!&'!"(&)'*!!!!!!"#$%!&'(!)*+',+%!!
"#$%%&'"(&)'* "#$%&'()*+',+% -&..+*/0+1*'2"#$%&'()*+',+% #,3410,$3*41(,3%&'()*+',+#,0531+67/-&..+*/0+1*' "'+3*(50+1*' For too long, service providers have been getting a free pass on addressing some of
More informationMalware Research at SMU. Tom Chen SMU
Malware Research at SMU Tom Chen SMU tchen@engr.smu.edu www.engr.smu.edu/~tchen Outline About SMU and Me Virus Research Lab Early Worm Detection Epidemic Modeling New Research Interests TC/BT/11-5-04 SMU
More informationA Multifaceted Approach to Understanding the Botnet Phenomenon
Technische Universität Berlin Seminar Internet Measurements Betreuer: Gregor Maier A Multifaceted Approach to Understanding the Botnet Phenomenon Abstract The following text is a summary of the original
More information(Im)possibility of Enumerating Zombies. Yongdae Kim (U of Minnesota - Twin Cities)
(Im)possibility of Enumerating Zombies Yongdae Kim (U of Minnesota - Twin Cities) From Gunter Ollmann at Damballa's blog Botnet and DDoS Botnets becoming the major tool for DDoS 5 million nodes Botnet
More informationγ : constant Goett 2 P(k) = k γ k : degree
Goett 1 Jeffrey Goett Final Research Paper, Fall 2003 Professor Madey 19 December 2003 Abstract: Recent observations by physicists have lead to new theories about the mechanisms controlling the growth
More informationTHE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE
THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE International Maritime Organization Regulations IMO has given shipowners and managers until 2021 to incorporate cyber risk management into
More informationSelf Learning Networks An Overview
Self Learning Networks An Overview Alvaro Retana aretana@cisco.com Distinguished Engineer, Cisco Services Slides by JP Vasseur and Jeff Apcar. What Self Learning Networks is About SLN is fundamentally
More informationSecurity Gap Analysis: Aggregrated Results
Email Security Gap Analysis: Aggregrated Results Average rates at which enterprise email security systems miss spam, phishing and malware attachments November 2017 www.cyren.com 1 Email Security Gap Analysis:
More information