BOTNETS THREATS AND BOTNETS DETECTION Mona Aldakheel 434920317 1


Outline BOTS AND BOTNETS; BOTNET CREATION AND PROPAGATION; BOTNET COMMAND AND CONTROL (C&C) TECHNIQUES: Rallying Mechanisms, Communication Protocols; SECURITY THREATS FROM BOTNETS; BOTNET DETECTION 2

BOTS AND BOTNETS The term “Bot” is derived from the word “Robot”. Bots are designed to perform predefined functions in an automated way. A botnet is a network of infected machines that are under the control of a human operator, commonly known as the botmaster. 3

An example illustrates how a botnet is created and used to send spam. 4

5

BOTNET CREATION AND PROPAGATION Methods to create a bot: write code, or extend or customize an existing bot. Methods to propagate: exploiting vulnerabilities, sending out messages, setting up Web sites. 6

BOTNET COMMAND AND CONTROL (C&C) TECHNIQUES Centralized Command & Control (C&C) Technique; P2P Command & Control (C&C) Technique; Random Command & Control (C&C) Technique 7

Centralized Command & Control (C&C) Technique 8

Advantages of using centralized C&C techniques: a great amount of resources is available online to create a C&C-based botnet; it allows control of as many bots as possible and thus maximizes the profit of the botmaster; small message latency. Disadvantages of using centralized C&C techniques: easy to shut down. 9

P2P Command & Control (C&C) Technique 10

P2P Command & Control (C&C) Technique Advantages of using the P2P C&C technique: harder to locate, shut down, monitor, and hijack; propagation latency is lacking in P2P systems. Disadvantages of using the P2P C&C technique: hard to launch large-scale attacks. 11

Random Command & Control (C&C) Technique 12

Random Command & Control (C&C) Technique Advantages: easy implementation; resilient to discovery and destruction. Disadvantages: hard to launch large-scale attacks; propagation latency is very high. 13

Rallying Mechanisms Rallying mechanisms are used to discover new bots and rally them under their botmaster. Rallying mechanisms: hard-coded IP address; dynamic DNS domain name. 14

Hard-coded IP Address A common method used to rally new bots works like this: a bot includes hard-coded C&C server IP addresses in its binary. When the bot initially infects a computer, the computer connects back to the C&C server using the hard-coded server IP address. 15

Drawbacks of Hard-coded IP Address The problem with using hard-coded IP addresses is that the C&C server can be easily detected and the communication channel can be easily blocked. 16

Dynamic DNS Domain Name Bots today often include hard-coded domain names assigned by dynamic DNS providers. 17

Benefit of Dynamic DNS Domain Name If a C&C server is shut down by authorities, the botmaster can easily resume control by creating a new C&C server. 18
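The two rallying mechanisms above (hard-coded IP addresses and hard-coded dynamic-DNS names) leave strings in the bot binary that an analyst can recover and turn into block or sinkhole indicators. The following is an added example, not code from the slides and not a real sample: a constructed byte blob stands in for a bot binary, and the scan pulls out embedded IPv4 addresses and host names, tagging names under an assumed dynamic-DNS zone. The regexes, the suffix list and the blob are assumptions made for the demo.

```python
"""Recovering hard-coded rally points from a constructed bot binary (added example).

Not from the slides and not a real sample. The regular expressions, the
dynamic-DNS suffix list and FAKE_BINARY are assumptions for illustration.
"""
import re
from ipaddress import AddressValueError, IPv4Address

# constructed stand-in for a bot binary: junk bytes with strings embedded
FAKE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"connect to 203.0.113.45 then 198.51.100.9\x00"
    + b"\x90\x90\xcc\x00"
    + b"fallback: bot-rally.example-dyndns.test\x00"
    + b"version 1.2.3\x00 at 999.1.1.1 \x00"
    + b"www.example.com\x00"
)

# dotted quad not glued to other digits/dots (so "1.2.3" and "10.1.2.3.4" are not taken)
IPV4_RE = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# host name: labels separated by dots, ending in an alphabetic TLD
HOST_RE = re.compile(rb"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
# assumption: zones known to belong to dynamic-DNS providers
DYNDNS_SUFFIXES = ("example-dyndns.test",)


def extract_ipv4(blob):
    """Dotted quads that parse as valid IPv4 addresses (999.1.1.1 is rejected)."""
    found = []
    for m in IPV4_RE.finditer(blob):
        try:
            found.append(str(IPv4Address(m.group(1).decode())))
        except AddressValueError:
            pass
    return found


def extract_hosts(blob):
    """Host-name-looking strings, lower-cased; pure dotted-digit strings do not match."""
    return [m.group(0).decode().lower() for m in HOST_RE.finditer(blob)]


def classify_rally_points(blob):
    """Split recovered indicators into hard-coded IPs, dynamic-DNS names and other names."""
    hosts = extract_hosts(blob)
    return {
        "hardcoded_ips": extract_ipv4(blob),
        "dyndns_hosts": [h for h in hosts if h.endswith(DYNDNS_SUFFIXES)],
        "other_hosts": [h for h in hosts if not h.endswith(DYNDNS_SUFFIXES)],
    }


if __name__ == "__main__":
    for kind, values in classify_rally_points(FAKE_BINARY).items():
        print(f"{kind:14s}: {values}")
```

The dynamic-DNS names are the ones worth watching over time: as the slide says, the botmaster can stand up a replacement server and re-point the name, so a resolver log for that name is a better long-term indicator than the IP it resolves to today.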

Communication Protocols IRC protocol; HTTP protocol; P2P protocol 19

SECURITY THREATS FROM BOTNETS Distributed Denial of Service (DDoS); spamming; phishing and identity theft; click fraud; hosting illegal material and disseminating malicious code 20

Distributed Denial of Service (DDoS) A Distributed Denial of Service (DDoS) attack is a direct attempt by attackers to prevent legitimate users from using a specific service, using multiple compromised systems. Two main variants of DDoS attacks: bandwidth depletion (flooding and reflection attacks) and resource depletion. 21

Spamming Spam is any message or posting, regardless of its content, that is sent to multiple recipients who have not specifically requested it. 22

Phishing and Identity Theft Phishing is a fraudulent activity defined as the creation of a replica of an existing Web page or other online resource to deceive a user into submitting personal, financial, or password data. 23

Click Fraud Click fraud is the use of fake clicks to maximize the revenue that certain users earn from the ads they publish on their websites. 24

Hosting illegal material and disseminating malicious code Illegal material can be stored by the botmaster as a dynamic repository on a bot-compromised computer. 25

BOTNET DETECTION Honeypots; passive network traffic monitoring and analysis: signature-based detection, anomaly-based detection techniques, DNS-based detection techniques, mining-based detection 26

Signature-based Detection A useful way to detect botnets, based on knowledge of the signatures and behavior of existing botnets. For example, Snort. 27
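To make the Snort reference concrete, here is an added example (not code from the slides and not Snort's own engine): a parser for a small subset of Snort rule syntax (the rule header plus the `msg`, `content` and `sid` options) and a matcher that applies the parsed rules to constructed flows. It shows the decision a signature-based detector makes: the header's protocol and destination port must match, and every `content` string must occur in the payload. The rules, the sample flows and the sid numbers are constructed for this demo.

```python
"""Minimal Snort-style signature matching (added example).

Not from the slides and not Snort's code: a toy parser for a subset of the
rule syntax and a matcher over constructed flows. Rules, flows and sids are
constructed for illustration.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Rule:
    proto: str
    dst_port: str                                  # "any", "80" or negated "!6667"
    msg: str = ""
    contents: list = field(default_factory=list)   # every entry must appear in the payload
    sid: int = 0


# header: action proto src_ip src_port -> dst_ip dst_port (options)
HEADER_RE = re.compile(
    r"^\w+\s+(?P<proto>\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")
# option: key:value; where value is a quoted string or anything up to ';'
OPT_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]+)\s*;')


def parse_rule(text):
    """Parse one rule line into a Rule; only msg/content/sid options are kept."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    rule = Rule(proto=m["proto"].lower(), dst_port=m["dport"])
    for key, value in OPT_RE.findall(m["opts"]):
        value = value.strip()
        if value.startswith('"'):
            value = value[1:-1]
        if key == "msg":
            rule.msg = value
        elif key == "content":
            rule.contents.append(value.encode())
        elif key == "sid":
            rule.sid = int(value)
    return rule


def port_matches(spec, port):
    """Evaluate a port spec: 'any', an exact port, or a negated port like '!6667'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    wanted = int(spec.lstrip("!"))
    return port != wanted if negate else port == wanted


def match_flow(rules, proto, dst_port, payload):
    """sids of every rule whose header matches and whose content strings all occur."""
    return [r.sid for r in rules
            if r.proto == proto.lower()
            and port_matches(r.dst_port, dst_port)
            and all(c in payload for c in r.contents)]


# constructed rules: an IRC-style channel join on a non-IRC port, and a made-up HTTP check-in URI
RULE_TEXT = [
    'alert tcp any any -> any !6667 (msg:"IRC-style C&C handshake on a non-IRC port"; '
    'content:"NICK "; content:"JOIN #"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"Constructed bot HTTP check-in"; '
    'content:"GET /example-bot-checkin?id="; sid:1000002;)',
]
RULES = [parse_rule(r) for r in RULE_TEXT]

# constructed flows: (label, proto, dst_port, payload)
SAMPLE_FLOWS = [
    ("irc_on_8080", "tcp", 8080, b"NICK bot-4f2a\r\nUSER bot 0 * :bot\r\nJOIN #ctl\r\n"),
    ("irc_on_6667", "tcp", 6667, b"NICK bot-4f2a\r\nUSER bot 0 * :bot\r\nJOIN #ctl\r\n"),
    ("checkin", "tcp", 80, b"GET /example-bot-checkin?id=42 HTTP/1.1\r\nHost: c2.test\r\n\r\n"),
    ("benign_http", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]


def detect_samples():
    """Run every constructed flow through the rule set; label -> list of matching sids."""
    return {label: match_flow(RULES, proto, port, payload)
            for label, proto, port, payload in SAMPLE_FLOWS}


if __name__ == "__main__":
    for label, sids in detect_samples().items():
        print(f"{label:12s} -> {sids or 'no match'}")
```

Note what the second flow shows: the same IRC handshake on port 6667 does not fire, because the rule was scoped to non-IRC ports to avoid alerting on ordinary IRC. That scoping is exactly the trade-off of signature-based detection: it only catches what the rule author already knew to describe, which is why the following slides turn to anomaly, DNS and mining approaches.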

Anomaly-based Detection Techniques Attempt to detect botnets based on several network traffic anomalies, such as high network latency. 28

DNS-based Detection Techniques Detect botnets based on several DNS traffic anomalies. 29
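As an added example of what "DNS traffic anomalies" can mean in practice (this is not code from the slides), the script below runs two checks over a constructed resolver log: group activity, where many distinct clients resolve the same non-popular name within a short window, which is what a group of bots rallying to the dynamic-DNS name from the earlier slides looks like at the resolver; and clients whose lookups fail with NXDOMAIN unusually often. The log format, the thresholds and the popularity allowlist are assumptions for the demo.

```python
"""DNS-log anomaly checks (added example, not from the slides).

Constructed log, constructed thresholds; the KNOWN_POPULAR set stands in for
a popularity baseline that a real deployment would learn from history.
"""
from collections import defaultdict
from datetime import datetime

# constructed log: "<timestamp> <client> <qname> <rcode>" per line
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.11 www.example.com NOERROR
2024-05-01T10:00:02 10.0.0.12 www.example.com NOERROR
2024-05-01T10:00:05 10.0.0.11 rally.example-dyndns.test NOERROR
2024-05-01T10:00:07 10.0.0.12 rally.example-dyndns.test NOERROR
2024-05-01T10:00:09 10.0.0.13 rally.example-dyndns.test NOERROR
2024-05-01T10:00:10 10.0.0.14 rally.example-dyndns.test NOERROR
2024-05-01T10:00:20 10.0.0.13 a1b2c3d4.test NXDOMAIN
2024-05-01T10:00:21 10.0.0.13 e5f6g7h8.test NXDOMAIN
2024-05-01T10:00:22 10.0.0.13 i9j0k1l2.test NXDOMAIN
2024-05-01T10:00:23 10.0.0.13 m3n4o5p6.test NOERROR
2024-05-01T10:00:30 10.0.0.15 mail.example.com NOERROR
2024-05-01T10:00:31 10.0.0.15 typo.exmaple.com NXDOMAIN
2024-05-01T10:05:00 10.0.0.20 rally.example-dyndns.test NOERROR
"""

# assumption: names that are popular enough that many clients resolving them is normal
KNOWN_POPULAR = frozenset({"www.example.com", "mail.example.com"})


def parse_log(text):
    """Turn the constructed log into (timestamp, client, qname, rcode) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        records.append((datetime.fromisoformat(ts), client, qname.lower(), rcode))
    return records


def group_rally_domains(records, window_s=60, min_clients=3, allowlist=KNOWN_POPULAR):
    """Names resolved by >= min_clients distinct clients within any window_s-second window.

    Returns {qname: largest distinct-client count seen in one window}.
    """
    by_name = defaultdict(list)
    for ts, client, qname, _rcode in records:
        if qname not in allowlist:
            by_name[qname].append((ts, client))
    flagged = {}
    for qname, hits in by_name.items():
        hits.sort()                      # by timestamp, so hits[i:] are all >= t0
        best = 0
        for i, (t0, _c) in enumerate(hits):
            in_window = {c for t, c in hits[i:] if (t - t0).total_seconds() <= window_s}
            best = max(best, len(in_window))
        if best >= min_clients:
            flagged[qname] = best
    return flagged


def nxdomain_heavy_clients(records, min_queries=4, min_ratio=0.5):
    """Clients whose share of NXDOMAIN answers is >= min_ratio over >= min_queries lookups."""
    total = defaultdict(int)
    failed = defaultdict(int)
    for _ts, client, _qname, rcode in records:
        total[client] += 1
        if rcode == "NXDOMAIN":
            failed[client] += 1
    return {c: failed[c] / total[c] for c in total
            if total[c] >= min_queries and failed[c] / total[c] >= min_ratio}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("group rally candidates:", group_rally_domains(recs))
    print("NXDOMAIN-heavy clients:", nxdomain_heavy_clients(recs))
```

The late lookup from 10.0.0.20 at 10:05 is deliberately outside the 60-second window, so the rally name is reported with four clients, not five; and 10.0.0.15's single typo does not trip the NXDOMAIN check because it has too few queries to judge. Both thresholds are the knobs an operator tunes against their own baseline.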

Mining-based Detection One of the effective techniques for botnet detection is to identify botnet C&C traffic. Several data mining techniques, including machine learning, classification, and clustering, can be used efficiently to detect botnet C&C traffic. 30
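The clustering idea on this slide rests on the observation that bots in one botnet talk to their C&C in near-identical rhythms and sizes, while people browsing do not. The following is an added example, not code from the slides or from any published detector: it summarises constructed flow records into one feature vector per source host (mean interval between flow starts, regularity of that interval, packets per flow, bytes per packet), normalises them, and single-links hosts whose vectors lie within a distance threshold. Clusters of three or more hosts are reported for review. The features, thresholds and flow records are assumptions for the demo.

```python
"""Clustering hosts by communication pattern (added example, not from the slides).

Flow records are constructed; the four features and the thresholds are
assumptions chosen for the demo.
"""
from collections import defaultdict
from itertools import combinations
from math import sqrt
from statistics import mean, pstdev

# constructed flows: (src, dst, dport, start_seconds, packets, bytes)
SAMPLE_FLOWS = [
    # three hosts beaconing to one server roughly every 300 s with small, uniform messages
    *[("10.0.0.11", "203.0.113.10", 443, t, 6, 900) for t in (0, 300, 600, 900, 1200)],
    *[("10.0.0.12", "203.0.113.10", 443, t, 6, 900) for t in (0, 302, 600, 901, 1200)],
    ("10.0.0.13", "203.0.113.10", 443, 0, 6, 900),
    ("10.0.0.13", "203.0.113.10", 443, 300, 7, 1050),
    ("10.0.0.13", "203.0.113.10", 443, 600, 6, 900),
    ("10.0.0.13", "203.0.113.10", 443, 900, 6, 900),
    ("10.0.0.13", "203.0.113.10", 443, 1200, 6, 900),
    # two hosts browsing: irregular timing, variable sizes, several destinations
    ("10.0.0.21", "198.51.100.5", 443, 5, 12, 6000),
    ("10.0.0.21", "198.51.100.7", 443, 47, 40, 45000),
    ("10.0.0.21", "198.51.100.5", 80, 130, 8, 3000),
    ("10.0.0.21", "198.51.100.9", 443, 600, 100, 120000),
    ("10.0.0.21", "198.51.100.7", 443, 1420, 25, 20000),
    ("10.0.0.22", "198.51.100.5", 443, 10, 15, 9000),
    ("10.0.0.22", "198.51.100.9", 443, 900, 70, 80000),
    ("10.0.0.22", "198.51.100.7", 80, 1000, 9, 4500),
]


def host_features(flows):
    """Per source host: (mean start interval, interval CV, mean packets/flow, bytes/packet)."""
    by_src = defaultdict(list)
    for src, _dst, _port, start, pkts, nbytes in flows:
        by_src[src].append((start, pkts, nbytes))
    feats = {}
    for src, rows in by_src.items():
        rows.sort()
        starts = [r[0] for r in rows]
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        mean_gap = mean(gaps) if gaps else 0.0
        # coefficient of variation: 0 means perfectly regular beaconing
        cv = pstdev(gaps) / mean_gap if len(gaps) > 1 and mean_gap else 0.0
        total_pkts = sum(r[1] for r in rows)
        feats[src] = (
            float(mean_gap),
            cv,
            total_pkts / len(rows),
            sum(r[2] for r in rows) / total_pkts if total_pkts else 0.0,
        )
    return feats


def _normalize(feats):
    """Scale each feature into [0, 1] by its maximum so no single unit dominates the distance."""
    dims = len(next(iter(feats.values())))
    maxes = [max(v[i] for v in feats.values()) or 1.0 for i in range(dims)]
    return {h: tuple(v[i] / maxes[i] for i in range(dims)) for h, v in feats.items()}


def cluster_hosts(feats, threshold=0.15):
    """Single-linkage clustering via union-find: hosts within `threshold` of each other are joined."""
    norm = _normalize(feats)
    parent = {h: h for h in norm}

    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]
            h = parent[h]
        return h

    for a, b in combinations(norm, 2):
        dist = sqrt(sum((x - y) ** 2 for x, y in zip(norm[a], norm[b])))
        if dist <= threshold:
            parent[find(a)] = find(b)
    groups = defaultdict(list)
    for h in norm:
        groups[find(h)].append(h)
    return sorted(sorted(g) for g in groups.values())


def suspicious_groups(flows, min_size=3, threshold=0.15):
    """Clusters of at least `min_size` hosts with near-identical patterns: candidates for review."""
    return [g for g in cluster_hosts(host_features(flows), threshold) if len(g) >= min_size]


if __name__ == "__main__":
    for group in suspicious_groups(SAMPLE_FLOWS):
        print("hosts with near-identical communication pattern:", ", ".join(group))
```

The three beaconing hosts land in one cluster even though their timings and sizes are not byte-identical, while the two browsing hosts stay apart from each other and from the bots. A cluster like this is a lead, not a verdict: legitimate software updaters also beacon regularly, so the next step is to correlate the cluster with the other evidence the earlier slides describe (DNS group activity, signature hits, anomalies) before acting.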

Thanks 31