Botnets: A Survey. Rangadurai Karthick R [CS10S009] Guide: Dr. B Ravindran

08-08-2011 Guide: Dr. B Ravindran

Outline 1 Introduction 2 3 4 5 6

Introduction: Big Picture, Recent Incidents, Reasons for Study

Internet Scenario. Major threats: flooding attacks, spamming, phishing, identity theft, etc. How is it all possible? By owning a million computers.

Notable Attacks: South Korean Government websites; Wordpress.com; Estonian Government websites; Yahoo, eBay; network security firms.

Why is this problem hard? Key issues: co-ordinated control over CnC channels; the detection methods available are specific to attack types; the way bots work varies from family to family; the infection vector can be any of a wide array of mechanisms for infecting a machine.

Definitions: Command and Control, Centralized and P2P

Key Words. Bot: an infected host that can be remotely controlled. Botnet: a network of bots. Botmaster: the attacker who controls the bots remotely. CnC: Command and Control. IRC: Internet Relay Chat. P2P: peer-to-peer communication.

General Working: Uses of CnC. The major uses of CnC channels for a botmaster are a rendezvous point for bots, giving commands to bots, and updates to the bot software. Types of CnC: centralized CnC and P2P CnC.

Types. Centralized: the major protocol used is IRC; easy to control and co-ordinate; a single point of failure. P2P: distributed servers instead of one; highly resilient; command latency is high.

Modus Operandi. Figure: Botnet (components labelled 1 to 5: vulnerable machine, DNS lookup, CnC servers, bot binaries, infected hosts, Internet).

Detection: Bot download, CnC communication

Communicating with bots. BotMiner [3]. Argument: bots belonging to the same botnet behave similarly. Approach: monitor network traffic from two different views. Activity plane (A-plane): who is doing what, i.e. which hosts perform suspicious activity such as scanning, spamming or binary downloads. Communication plane (C-plane): who is talking to whom, captured as flow statistics per host and destination. Cluster hosts in each plane separately, then cross-correlate: hosts that fall into the same communication cluster and the same activity cluster are reported as a botnet. Other approaches: BotHunter [4], which correlates IDS alerts along the infection dialog (inbound exploit, egg download, CnC contact, outbound scanning) of a single host.
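As an added example (my own code, not the slides' or the BotMiner authors' implementation [3]), the two-plane idea above reduced to a few dozen lines: hosts are grouped by a coarse binning of their flow features (standing in for BotMiner's X-means clustering of C-flows) and by the malicious activity they perform, and a group is reported only where both views agree. The flow records, alerts, bin widths and the link rule are constructed assumptions for the demonstration.

```python
"""Added example, mine rather than code from the slides or from the BotMiner
authors [3]: a scaled-down BotMiner-style detector. Hosts are clustered in a
communication plane (C-plane: flow statistics towards each destination) and an
activity plane (A-plane: what malicious activity they perform); a group is reported
only where both views agree. Flow records and alerts are constructed, the feature
binning stands in for BotMiner's X-means clustering, and the link rule is a
simplification of its cross-plane score."""
import math
from collections import defaultdict
from itertools import combinations

# C-plane records, aggregated per (src, dst, dst_port) over the observation window
# (constructed): (src_host, dst_host, dst_port, flows_per_hour, packets_per_flow, bytes_per_packet)
C_FLOWS = [
    ("10.0.0.11", "198.51.100.5", 6667, 12, 4, 60),   # periodic small IRC keep-alives
    ("10.0.0.12", "198.51.100.5", 6667, 13, 4, 61),
    ("10.0.0.13", "198.51.100.5", 6667, 12, 4, 59),
    ("10.0.0.14", "198.51.100.5", 6667, 12, 5, 62),   # same pattern, but no A-plane activity
    ("10.0.0.21", "203.0.113.9", 443, 300, 20, 900),  # ordinary web browsing
    ("10.0.0.22", "203.0.113.9", 443, 290, 18, 880),
    ("10.0.0.23", "203.0.113.10", 22, 2, 150, 200),   # interactive SSH
]

# A-plane events from activity monitors (constructed): (src_host, activity, detail)
A_EVENTS = [
    ("10.0.0.11", "scan", 445),
    ("10.0.0.12", "scan", 445),
    ("10.0.0.13", "scan", 445),
    ("10.0.0.13", "spam", 25),
    ("10.0.0.21", "spam", 25),   # lone spammer, no shared CnC-like pattern
    ("10.0.0.23", "scan", 445),  # scanner with an unrelated traffic profile (e.g. an admin's audit)
]

def c_cluster_key(fph, ppf, bpp):
    """Coarse log2 bins on the three flow features: records with equal bins are
    treated as one communication pattern."""
    return tuple(round(math.log2(x)) for x in (fph, ppf, bpp))

def c_plane_clusters(c_flows):
    clusters = defaultdict(set)
    for src, _dst, _dport, fph, ppf, bpp in c_flows:
        clusters[c_cluster_key(fph, ppf, bpp)].add(src)
    return clusters

def a_plane_clusters(a_events):
    clusters = defaultdict(set)
    for src, activity, detail in a_events:
        clusters[(activity, detail)].add(src)
    return clusters

def cross_plane_links(c_clusters, a_clusters):
    """Link two hosts when they share an A-cluster and also share a C-cluster:
    similar malicious activity plus similar CnC-like communication."""
    links = set()
    for a_members in a_clusters.values():
        for h, i in combinations(sorted(a_members), 2):
            if any({h, i} <= c_members for c_members in c_clusters.values()):
                links.add((h, i))
    return links

def connected_components(links):
    """Group linked hosts; each component is one suspected botnet."""
    adj = defaultdict(set)
    for h, i in links:
        adj[h].add(i)
        adj[i].add(h)
    seen, groups = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n in comp:
                continue
            comp.add(n)
            stack.extend(adj[n] - comp)
        seen |= comp
        groups.append(frozenset(comp))
    return groups

def detect_botnets(c_flows, a_events):
    """Return suspected botnets as frozensets of hosts."""
    return connected_components(
        cross_plane_links(c_plane_clusters(c_flows), a_plane_clusters(a_events)))

if __name__ == "__main__":
    for group in detect_botnets(C_FLOWS, A_EVENTS):
        print("suspected botnet:", sorted(group))
```

On this input only 10.0.0.11 to 10.0.0.13 are reported. Host 10.0.0.14 has the same keep-alive pattern towards the same server but no recorded activity, so it is not flagged; that is the price of requiring both planes to agree, and in practice such a host is the first candidate to re-examine once it acts. Conversely 10.0.0.23 scans like the bots but its traffic profile is unrelated, so it is not pulled into the group.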

IRC based bots. IRC nickname [1]: argument is that the IRC nicks used by bots follow regular patterns. IRC traffic [6]: a two-step approach. 1 Separate IRC traffic from other traffic. 2 Separate bot IRC traffic from normal IRC traffic.
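As an added example (my own code, not Rishi's [1] or the implementation from [6]), the two steps above on a small constructed payload log: step 1 recognises IRC by its command grammar rather than by port, so a CnC channel on port 8080 is still found; step 2 scores the nickname each session registers against bot-like templates, in the spirit of Rishi's nickname evaluation. The sessions, regular expressions, point weights and threshold are assumptions made for the demonstration, not Rishi's actual rule set.

```python
"""Added example (mine, not code from Rishi [1] or Lu et al. [6]): the two-step
idea from the slide. Step 1 picks IRC sessions out of a payload log by protocol
commands rather than by port, so IRC on a non-standard port is still found; step 2
scores the nickname each session registers against bot-like patterns, in the spirit
of Rishi. The sessions, patterns, weights and threshold are constructed assumptions."""
import re

# Constructed sessions: (src_host, dst_port, first client payload line)
SESSIONS = [
    ("10.0.0.11", 6667, "NICK [DEU|XP|00]-873562"),
    ("10.0.0.12", 8080, "NICK USA|00|12345678"),       # IRC hidden on an HTTP port
    ("10.0.0.13", 6667, "NICK XP-9981273"),
    ("10.0.0.31", 6667, "NICK alice_"),                 # ordinary user
    ("10.0.0.32", 6667, "NICK bob1984"),                # a few digits are normal
    ("10.0.0.33", 443,  "\x16\x03\x01\x00\xc4\x01"),    # TLS ClientHello, not IRC
    ("10.0.0.34", 80,   "GET / HTTP/1.1"),
]

IRC_COMMAND = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PING|PONG|MODE)\s", re.IGNORECASE)
NICK_LINE = re.compile(r"^NICK\s+:?(\S+)", re.IGNORECASE)

# Nick templates of the kind bots generate (constructed for the example; a real
# deployment maintains this list and, as Rishi does, also keeps white/black lists).
BOT_NICK_PATTERNS = [
    re.compile(r"^\[[A-Z]{2,3}\|"),                 # [CC|...]  country tag in brackets
    re.compile(r"^[A-Z]{2,3}\|\d{2}\|\d+$"),         # CC|NN|digits
    re.compile(r"^[A-Za-z]{1,4}[-_]?\d{6,}$"),       # short prefix then a long number
]
WHITELIST = {"chanserv", "nickserv"}

def is_irc(payload):
    """Step 1: protocol detection by command grammar, independent of port."""
    return bool(IRC_COMMAND.match(payload))

def score_nick(nick):
    """Step 2: Rishi-style point score; higher means more bot-like."""
    if nick.lower() in WHITELIST:
        return 0
    score = 0
    if any(p.search(nick) for p in BOT_NICK_PATTERNS):
        score += 5                                   # matches a known bot template
    longest_digits = max((len(run) for run in re.findall(r"\d+", nick)), default=0)
    if longest_digits >= 7:
        score += 4                                   # long random-looking number
    elif longest_digits >= 4:
        score += 2
    score += min(3, sum(nick.count(c) for c in "[]|{}"))  # separator characters
    return score

def find_bot_nicks(sessions, threshold=5):
    """Return (src, nick, score) for IRC sessions whose nick scores at or above threshold."""
    hits = []
    for src, _port, payload in sessions:
        if not is_irc(payload):
            continue
        m = NICK_LINE.match(payload)
        if not m:
            continue
        nick = m.group(1)
        s = score_nick(nick)
        if s >= threshold:
            hits.append((src, nick, s))
    return hits

if __name__ == "__main__":
    for src, nick, s in find_bot_nicks(SESSIONS):
        print(f"{src} registered bot-like nick {nick!r} (score {s})")
```

The scoring is deliberately additive so that a single weak signal (a few digits in "bob1984") stays below the threshold while a template match plus a long numeric suffix does not. As the slide's P2P discussion notes, none of this survives an encrypted or custom CnC protocol; it is specific to plaintext IRC.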

P2P bots. Challenges [5, 2]: the loosely coupled nature of P2P protocols; P2P networks are harder to monitor and to shut down; botmasters can write custom protocols for CnC; the communication channels can be encrypted; the traffic need not follow standard communication behaviour.

Honeypots and Honeynets [7]. Uses and working: to gain insight into bot malware, a vulnerable system is left open for attackers to exploit. Two types: low-interaction honeypots, which only emulate services and so capture what attackers send without ever being really compromised, and high-interaction honeypots, which are real systems that can be compromised and then observed.
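As an added example (my own code, not the slides' and not Provos's honeyd [7]), a minimal low-interaction honeypot that makes the distinction concrete: each service is emulated only as far as its greeting and a few canned replies, every login attempt fails, and the attacker's input is the product that gets logged. Nothing here can actually be exploited, which is exactly why such a honeypot yields credential lists and probe strings but not the malware's later stages. Hostnames, banners and ports are assumptions; `handle_line()` and `run_session()` are pure so they can be exercised offline, while `serve()` binds real listeners.

```python
"""Added example, mine rather than code from the slides or from Provos's honeyd [7]:
a minimal low-interaction honeypot. Each service is emulated only as far as its
greeting and a few canned replies, so attackers and bots can probe it and try
credentials, which get logged, but nothing can actually be exploited; that is the
trade-off against a high-interaction honeypot. handle_line() and run_session()
are pure and testable offline; serve() binds real TCP listeners. Hostnames,
banners and port choices are assumptions."""
import json
import socketserver
import threading
import time

# Constructed service greetings (not real hosts).
BANNERS = {
    21: b"220 ftp.example.test FTP server ready\r\n",
    23: b"login: ",
    25: b"220 mail.example.test ESMTP\r\n",
}

def handle_line(port, line):
    """Canned reply to one client line. Every authentication attempt fails, which keeps
    a brute-forcing bot talking and spills its whole credential list into the log."""
    cmd = line.strip().upper()
    if port == 21:
        if cmd.startswith(b"USER"):
            return b"331 password required\r\n"
        if cmd.startswith(b"PASS"):
            return b"530 login incorrect\r\n"
        if cmd == b"QUIT":
            return b"221 bye\r\n"
        return b"500 command not understood\r\n"
    if port == 25:
        if cmd.startswith((b"EHLO", b"HELO")):
            return b"250 mail.example.test\r\n"
        if cmd.startswith(b"AUTH"):
            return b"535 authentication failed\r\n"
        if cmd == b"QUIT":
            return b"221 bye\r\n"
        return b"502 command not implemented\r\n"
    # telnet (and anything unexpected): never accept the login
    return b"Login incorrect\r\nlogin: "

def log_record(port, peer, client_lines):
    """One JSON-serialisable record per session: the attacker's input is the product."""
    return {
        "ts": int(time.time()),
        "port": port,
        "peer": peer,
        "client_lines": [l.decode("latin-1").rstrip("\r\n") for l in client_lines],
    }

def run_session(port, client_lines, peer="192.0.2.1"):
    """Drive a whole session offline; returns (replies, record)."""
    replies = [handle_line(port, line) for line in client_lines]
    return replies, log_record(port, peer, client_lines)

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        port = self.server.server_address[1]
        self.wfile.write(BANNERS.get(port, b"login: "))
        seen = []
        while True:
            line = self.rfile.readline()
            if not line:
                break
            seen.append(line)
            self.wfile.write(handle_line(port, line))
            if line.strip().upper() == b"QUIT":
                break
        print(json.dumps(log_record(port, self.client_address[0], seen)))

def serve(bind="0.0.0.0", ports=(21, 23, 25)):
    """Start one listener per port in background threads. Binding low ports needs
    privileges; redirect them or pick high ports when experimenting."""
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    servers = []
    for p in ports:
        srv = socketserver.ThreadingTCPServer((bind, p), Handler)
        srv.daemon_threads = True
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        servers.append(srv)
    return servers

if __name__ == "__main__":
    serve()
    threading.Event().wait()   # run until killed
```

A high-interaction honeypot would instead hand the attacker a real, instrumented host so that the exploit, the bot binary download and the first CnC contact can all be observed; the low-interaction version above stops at the credential guess, which is why the two are used for different questions.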

References

[1] Jan Goebel and Thorsten Holz. Rishi: Identify bot contaminated hosts by IRC nickname evaluation. In Proceedings of the First Workshop on Hot Topics in Understanding Botnets (HotBots), USENIX Association, 2007.

[2] J. B. Grizzard, V. Sharma, C. Nunnery, B. B. H. Kang, and D. Dagon. Peer-to-peer botnets: Overview and case study. In Proceedings of the First Workshop on Hot Topics in Understanding Botnets (HotBots), USENIX Association, 2007.

[3] G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In Proceedings of the 17th USENIX Security Symposium, pages 139-154, USENIX Association, 2008.

[4] G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting malware infection through IDS-driven dialog correlation. In Proceedings of the 16th USENIX Security Symposium, USENIX Association, 2007.

[5] Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, and Felix C. Freiling. Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm Worm. In Proceedings of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008.

[6] W. Lu, M. Tavallaee, and A. A. Ghorbani. Automatic discovery of botnet communities on large-scale communication networks. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ASIACCS), ACM, 2009.

[7] Niels Provos. A virtual honeypot framework. In Proceedings of the 13th USENIX Security Symposium, 2004.

Thank You!