A lustrum of malware network communication: Evolution & insights


A lustrum of malware network communication: Evolution & insights
Authors: Chaz Lever, Platon Kotzias, Davide Balzarotti, Manos Antonakakis
Presented by: Sohail Akbar, Master of Professional Studies in Digital Security
Date: 10-10-2017

Outline: Introduction, Motivation, Problems & Trends, Background

Introduction: Internet security threats
- Propagation of cybercrime for profit (Zbot, ...)
- Targeted attacks (Aurora, ...)
- Emerging cyber warfare (Stuxnet, ...)

Introduction: Internet security threats. Implications:
- Motivated, well-funded adversary
- Creative attackers: find new vectors to reach victims
- Adaptive attackers: work actively against defence

Introduction: Key component - Malware
Malware (malicious software): software that fulfils the deliberately harmful intent of an attacker; typically installed as part of a compromise or via social engineering.
Bots, Advanced Persistent Threats (APTs):
- No longer autonomous
- Provide remote access to attackers (the botmaster)
- Connect to command and control (C&C) infrastructure
- Use the infected host as a platform to launch malicious activity
Leverage this command & control infrastructure for better defense.

Introduction: Motivation
Malware analysis is at the forefront of the fight against internet threats. Both the operational and academic security communities have used dynamic malware analysis. Network information derived from such dynamic analysis is used for:
- Threat detection
- Network policies
- Incident response
- Other indicators of compromise

Big question: How effective are these network signals? Which ways of using them are actually reliable?

DATA SAMPLES

Domain Filtering
Invalid domains: remove NX domains to reduce the effects of Domain Generation Algorithms (DGA). Reduction from 6.8M to 1.31M e2LDs.
Benign domains: remove popular domains from Alexa; remove known content delivery network (CDN) domains. Reduction from 1.31M to 1.21M e2LDs.
Spam domains: remove resolutions from binaries with lots of MX lookups; remove resolutions with mail-related keywords (i.e. mail, smtp, ...). Reduction from 1.29M to 329,348 e2LDs.
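The three filtering stages above (invalid, benign, spam) are easy to get subtly wrong, for instance by counting MX lookups after benign mail domains have already been removed, or by reducing names to e2LDs without handling multi-label suffixes. The following is an added example that is not code from the paper or the presenter: a small, self-contained pipeline over constructed sample resolutions. The sample records, the Alexa and CDN lists, the MX threshold, the extra mail keywords and the tiny public-suffix table are all assumptions made for illustration.

```python
"""Toy version of the slide's three-stage domain filtering (added example).

Every input below is constructed for illustration; none of it is data
from the paper. A real pipeline would use the full Public Suffix List,
the actual Alexa top list and a curated CDN list.
"""
from collections import Counter

# Assumption: minimal stand-in for the Public Suffix List so e2LD
# extraction handles multi-label suffixes such as co.uk.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# The slide names "mail" and "smtp"; the other keywords are assumptions.
MAIL_KEYWORDS = ("mail", "smtp", "imap", "pop3", "mx")


def e2ld(qname):
    """Effective second-level domain of a DNS query name."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def distinct_e2lds(resolutions):
    return {e2ld(r["qname"]) for r in resolutions}


def run_pipeline(resolutions, alexa_top, cdn_e2lds, mx_threshold=3):
    """Apply the three stages and report e2LD counts after each one."""
    # Stage 1: invalid domains. NXDOMAIN answers are dropped because DGA
    # malware produces large numbers of never-registered names.
    valid = [r for r in resolutions if r["rcode"] != "NXDOMAIN"]

    # Stage 2: benign domains (Alexa popular list and known CDNs).
    non_benign = [r for r in valid
                  if e2ld(r["qname"]) not in alexa_top
                  and e2ld(r["qname"]) not in cdn_e2lds]

    # Stage 3: spam domains. MX lookups are counted over the *valid* set,
    # before benign mail providers were removed, so spam bots that only
    # resolve popular mail exchangers are still identified. All resolutions
    # from such samples are dropped, as are names with mail keywords.
    mx_per_sample = Counter(r["sample"] for r in valid if r["qtype"] == "MX")
    spam_samples = {s for s, n in mx_per_sample.items() if n >= mx_threshold}
    filtered = [r for r in non_benign
                if r["sample"] not in spam_samples
                and not any(k in r["qname"].lower() for k in MAIL_KEYWORDS)]

    return {
        "counts": {
            "raw": len(distinct_e2lds(resolutions)),
            "valid": len(distinct_e2lds(valid)),
            "non_benign": len(distinct_e2lds(non_benign)),
            "filtered": len(distinct_e2lds(filtered)),
        },
        "e2lds": distinct_e2lds(filtered),
    }


# Constructed sample resolutions: one record per (sample, query).
SAMPLE_RESOLUTIONS = [
    {"sample": "s1", "qname": "update.evil-example.net", "qtype": "A", "rcode": "NOERROR"},
    {"sample": "s1", "qname": "www.google.com", "qtype": "A", "rcode": "NOERROR"},
    {"sample": "s1", "qname": "a1b2c3d4.xyz", "qtype": "A", "rcode": "NXDOMAIN"},
    {"sample": "s1", "qname": "x9y8z7w6.xyz", "qtype": "A", "rcode": "NXDOMAIN"},
    {"sample": "s2", "qname": "cdn.example-cdn.com", "qtype": "A", "rcode": "NOERROR"},
    {"sample": "s2", "qname": "c2.bad-example.co.uk", "qtype": "A", "rcode": "NOERROR"},
    {"sample": "s3", "qname": "gmail.com", "qtype": "MX", "rcode": "NOERROR"},
    {"sample": "s3", "qname": "yahoo.com", "qtype": "MX", "rcode": "NOERROR"},
    {"sample": "s3", "qname": "outlook.com", "qtype": "MX", "rcode": "NOERROR"},
    {"sample": "s3", "qname": "spam-target-example.org", "qtype": "A", "rcode": "NOERROR"},
    {"sample": "s4", "qname": "smtp.relay-example.net", "qtype": "A", "rcode": "NOERROR"},
    {"sample": "s4", "qname": "panel.other-example.org", "qtype": "A", "rcode": "NOERROR"},
]
ALEXA_TOP = {"google.com", "gmail.com", "yahoo.com", "outlook.com"}  # constructed
CDN_E2LDS = {"example-cdn.com"}  # constructed

if __name__ == "__main__":
    result = run_pipeline(SAMPLE_RESOLUTIONS, ALEXA_TOP, CDN_E2LDS)
    for stage, n in result["counts"].items():
        print(f"{stage:>11}: {n} e2LDs")
    print("remaining:", sorted(result["e2lds"]))
```

With the constructed input the stages shrink the set from 12 to 10 to 5 to 3 e2LDs, leaving only the names a defender would want as candidate C&C indicators. The order matters: the MX count is taken before the benign filter so that a sample whose MX lookups all hit popular providers is still flagged as a spam bot.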

Malware Collection (filtered): collection issue
Consistent growth in the number of samples, the number of domains queried and the number of IP addresses. The drop in the second half of 2014 reflects a failure in our collection infrastructure.
Figure: number of malware samples, qnames, e2LDs and IPs according to the execution time of the samples.

PUP / Malware Classification: collection issue
Kotzias et al. [38] conducted the same kind of work earlier and observed the same trend on a much smaller dataset. Thomas et al. measured that Google Safe Browsing generates 3 times as many detections for PUP as for malware.

My Criticism
The malware landscape is very diverse and constantly evolving: large and diverse botnets, APTs, exploitation techniques, C&C, and many more. Examining malicious code involves a variety of tasks, which are time-consuming and can be challenging. Executing the malicious code (malware) in a sandbox risks producing wrong results, as the sandbox could have different configuration settings. Malware usually has different payloads to execute based on the configuration of the infected host. That is, one malware sample may behave differently on different hosts if the hosts, for example, have different versions of internet browsers.

My Criticism
In this paper the authors suggest that "Network defenders should rely on automated malware analysis to extract indicators of compromise and not build early detection systems." In my point of view, I do not agree, and I propose for this project to study and analyze the different methods, tools and techniques for early network-based malware detection.

Questions!