Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Botnet Detection Based on Flow Information Chia-Mei Chen, Ya-Hui Ou, and Yu-Chou Tsai, National Sun Yat –Sen University,IEEE 2010.

Published byJoleen Powell Modified over 8 years ago

Similar presentations

Presentation on theme: "Web Botnet Detection Based on Flow Information Chia-Mei Chen, Ya-Hui Ou, and Yu-Chou Tsai, National Sun Yat –Sen University,IEEE 2010."— Presentation transcript:

1 Web Botnet Detection Based on Flow Information Chia-Mei Chen, Ya-Hui Ou, and Yu-Chou Tsai, National Sun Yat –Sen University,IEEE 2010

2 Outline The Proposed Approach TitleExperiment Environment Performance Ananlysis 2011/3/82

3 The Proposed Approach This study observes web botnet behaviors through Blackenergy. To distinguish abnormal web traffic from regular web requests, this study first conducts the experiments with normal web requests and one of the normal flows. 2011/3/83

4 The Proposed Approach Then, the experiments with web bots connecting to the C&C web server are conducted a sample. Such web flows are different from the normal user’s web browsing flows and can be used to identify web bots. 2011/3/84

5 5

6 The Proposed Approach Attribute Analysis –The major features can be divided into timeslot, data calculating, mutual authentication bots clustering analysis. 2011/3/86

7 The Proposed Approach Attribute Analysis –Mutual authentication can be explained by flows data, to put it more concretely, if the flow data of B2S (bots link to server) is quite similar to S2B, represent that the flow data was extraordinary. –Clustering analysis, in brief, classes the same feature as the same group. 2011/3/87

8 the bots connect with HTTP Server have regular time interval every data exist similar value. 2011/3/88

9 TitleExperiment Environment –In the simulative environment, setting four bots regularly connect to server and perform the DDos attack to the victims after get the command, –the attack command as follows: 2011/3/89

10 TitleExperiment Environment 2011/3/810

11 Experiment Environment –When Blackenergy performed DDoS attacks, the flows were significant increase in a short time. 2011/3/811

12 Performance Analysis Experiment Environment –There are four different network environments: –(1) a simulated LAN initially with one infected bot and 13 normal clients, –(2) a simulated LAN initially with 3 botnets and some normal clients, 2011/3/812

13 Performance Analysis Experiment Environment –(3) a real LAN deployed initially with one infected bot machine and 19 normal clients, and –(4) a university dorm network. 2011/3/813

14 2011/3/814

15 Performance Ananlysis Bot Infection Some Hosts in the LAN: – In this experiment, the system setting three botnets and three HTTP servers to obtain evidence of characteristics –designing time intervals are 1 minute, 10 minutes, and 15 minutes, respectively. 2011/3/815

16 2011/3/816

17 Performance Ananlysis 3) Real Network Environment: 2011/3/817

18 Performance Ananlysis 4) Demonstrate the usefulness in real network: –The data were primarily collected by school dormitory and conducted in roughly five days. 2011/3/818

19 2011/3/819

Download ppt "Web Botnet Detection Based on Flow Information Chia-Mei Chen, Ya-Hui Ou, and Yu-Chou Tsai, National Sun Yat –Sen University,IEEE 2010."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)
1 Enhanced EDF Scheduling Algorithms for Orchestrating Network-wide Active Measurements Prasad Calyam, Chang-Gun Lee Phani Kumar Arava, Dima Krymskiy OARnet,

1 Enhanced EDF Scheduling Algorithms for Orchestrating Network-wide Active Measurements Prasad Calyam, Chang-Gun Lee Phani Kumar Arava, Dima Krymskiy OARnet,
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu,

A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu,
1 A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection 許富皓 資訊工程學系 中央大學 1.

1 A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection 許富皓 資訊工程學系 中央大學 1.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Chat applications and IRC Presented by Tyler Maciolek.

Chat applications and IRC Presented by Tyler Maciolek.
Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.

Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
School of Computer Science and Information Systems

School of Computer Science and Information Systems
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
On the Feasibility of Large-Scale Infections of iOS Devices

On the Feasibility of Large-Scale Infections of iOS Devices
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Design and Implementation of SIP-aware DDoS Attack Detection System.

Design and Implementation of SIP-aware DDoS Attack Detection System.
BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection F. Tegeler, X. Fu (U Goe), G. Vigna, C. Kruegel (UCSB)

BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection F. Tegeler, X. Fu (U Goe), G. Vigna, C. Kruegel (UCSB)
SMS Mobile Botnet Detection Using A Multi-Agent System Abdullah Alzahrani, Natalia Stakhanova, and Ali A. Ghorbani Faculty of Computer Science, University.

SMS Mobile Botnet Detection Using A Multi-Agent System Abdullah Alzahrani, Natalia Stakhanova, and Ali A. Ghorbani Faculty of Computer Science, University.

Similar presentations

Ads by Google