BotNet Detection Techniques By Shreyas Sali

BotNet Detection Techniques
By Shreyas Sali
Course: Network Security (CSCI – 5235)
Instructor: Dr. T Andrew Yang

Outline
  Introduction to Botnet
  Botnet Life-cycle
  Botnet in Network Security
  Botnet Uses
  Botnet Detection
  Preventing Botnet Infection
  Botnet Research
  Conclusion
  References

Introduction to Botnet
A Botnet is a network of compromised computers under the control of a remote attacker.
Botnet terminology:
  Bot Herder (Bot Master)
  Bot
  Bot Client
  IRC Server
  Command and Control Channel (C&C)

Introduction to Botnet (Terminology)
[Diagram: IRC server, IRC channel, code server, bot master, C&C traffic, updates, attack, victim, bots]

Botnet Life-cycle

Botnet in Network Security
Internet users are getting infected by bots.
Many times corporate and end users are trapped in botnet attacks.
Today 16-25% of the computers connected to the internet are members of a botnet.
In this network the bots are located in various locations, so it becomes difficult to track illegal activities.
This behaviour makes a botnet an attractive tool for intruders and increases the threat against network security.

Botnet is Used For
[Diagram: bot master]

How Botnet is Used?
  Distributed Denial of Service (DDoS) attacks
  Sending spam
  Phishing (fake websites)
  Adware (Trojan horse)
  Spyware (keylogging, information harvesting)
  Click fraud
So it is really important to detect this attack.

Botnet Detection
Two approaches for botnet detection, based on:
  Setting up honeynets
  Passive traffic monitoring
    Signature based
    Anomaly based
    DNS based
    Mining based

Botnet Detection: Setting up Honeynets
Windows honeypot, honeywall
Responsibilities:
  DNS name / IP address of the IRC server and port number
  (optional) password to connect to the IRC server
  Nickname of the bot
  Channel to join and (optional) channel password

Botnet Detection: Setting up Honeynets
[Diagram: sensor and bot master; 1. malicious traffic, 2. inform bot's IP, 3. authorize]
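The honeywall's job on the slide above is to pull the C&C parameters (server, port, password, nickname, channel and channel key) out of what the infected honeypot does, so that the sensor can block or watch that channel. The following is an added example, not code from the slides: it parses IRC commands seen leaving a honeypot and builds that profile. The capture layout (destination, port, raw IRC line) and every value in it are constructed for this example.

```python
"""Added example (not from the slides): extract the C&C parameters a
honeywall wants from IRC commands observed leaving a Windows honeypot.
The capture format and all values below are constructed assumptions."""
import re

# Constructed capture: (dst_ip, dst_port, raw IRC line sent by the honeypot).
CAPTURE = [
    ("203.0.113.7", 6667, "PASS hunter2"),
    ("203.0.113.7", 6667, "NICK [00|USA|483921]"),
    ("203.0.113.7", 6667, "USER xyz 0 * :xyz"),
    ("203.0.113.7", 6667, "JOIN #ch4nnel ch4nkey"),
    ("203.0.113.7", 6667, "PRIVMSG #ch4nnel :joined"),
]

# Optional IRCv3 tags and optional prefix, then the command and its parameters.
IRC_CMD = re.compile(r"^(?:@\S+ )?(?::\S+ )?([A-Z]+)(?: (.*))?$")


def split_params(raw):
    """Split IRC parameters; a leading ':' or a ' :' introduces the trailing
    parameter, which may itself contain spaces."""
    if raw is None:
        return []
    if raw.startswith(":"):
        return [raw[1:]]
    head, sep, trailing = raw.partition(" :")
    params = head.split()
    if sep:
        params.append(trailing)
    return params


def extract_cc_profile(capture):
    """Build the honeywall's C&C profile from the observed IRC handshake."""
    profile = {"server": None, "port": None, "password": None,
               "nick": None, "channels": []}
    for dst, port, line in capture:
        match = IRC_CMD.match(line)
        if not match:
            continue  # not an IRC command line; ignore
        cmd, params = match.group(1), split_params(match.group(2))
        # The IRC server is simply the peer the honeypot talked to.
        profile["server"], profile["port"] = dst, port
        if cmd == "PASS" and params:
            profile["password"] = params[0]
        elif cmd == "NICK" and params:
            profile["nick"] = params[0]
        elif cmd == "JOIN" and params:
            # JOIN takes comma-separated channels and optional matching keys.
            chans = params[0].split(",")
            keys = params[1].split(",") if len(params) > 1 else []
            for i, chan in enumerate(chans):
                profile["channels"].append((chan, keys[i] if i < len(keys) else None))
    return profile


if __name__ == "__main__":
    for field, value in extract_cc_profile(CAPTURE).items():
        print(f"{field}: {value}")
```

In practice the lines come from the honeywall's capture of the honeypot's outbound TCP stream; the profile is then what the sensor uses to recognise and contain other hosts on the network that speak to the same server and channel.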

Botnet Detection: Traffic Monitoring
Signature based: detection of known botnets
Anomaly based: detect botnets using the following anomalies
  High network latency
  High volume of traffic
  Traffic on unusual ports
  Unusual system behaviour
DNS based: analysis of DNS traffic generated by botnets

Botnet Detection: Traffic Monitoring
Mining based:
  Botnet C&C traffic is difficult to detect
  Anomaly based techniques are not useful
  Data mining techniques: classification, clustering
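To make the anomaly based, DNS based and mining based checks of the two traffic-monitoring slides concrete, here is an added example that is not part of the presentation: a toy passive monitor run over constructed flow and DNS records. It flags traffic on unusual ports and hosts with unusually high outbound volume (anomaly based), names resolved by many hosts within a short window (DNS based), and, as the mining-style step, clusters hosts that beacon to the same endpoint at the same regular interval. The addresses, names, thresholds and record layout are all assumptions made for this example.

```python
"""Added example (not from the slides): a toy passive-traffic monitor applying
the anomaly, DNS and mining based checks to constructed records."""
from collections import defaultdict

# Constructed flow records: (timestamp_s, src, dst, dst_port, bytes_out).
# 10.0.0.5/.6/.7 beacon to 203.0.113.7:6667 every 60 s (IRC-style C&C);
# 10.0.0.6 additionally floods 198.51.100.20:80; 10.0.0.9 is a normal host.
FLOWS = [
    (t, src, "203.0.113.7", 6667, 120)
    for src in ("10.0.0.5", "10.0.0.6", "10.0.0.7")
    for t in (0, 60, 120, 180)
] + [
    (30, "10.0.0.6", "198.51.100.20", 80, 400_000),
    (31, "10.0.0.6", "198.51.100.20", 80, 400_000),
    (32, "10.0.0.6", "198.51.100.20", 80, 400_000),
    (5, "10.0.0.9", "198.51.100.10", 443, 900),
    (12, "10.0.0.9", "198.51.100.10", 443, 2_400),
    (300, "10.0.0.9", "198.51.100.11", 443, 1_100),
]

# Constructed DNS query log: (timestamp_s, src, queried_name).
DNS_QUERIES = [
    (0, "10.0.0.5", "cc.example.invalid"),
    (1, "10.0.0.6", "cc.example.invalid"),
    (2, "10.0.0.7", "cc.example.invalid"),
    (3, "10.0.0.9", "www.example.org"),
    (100, "10.0.0.5", "www.example.org"),
]

EXPECTED_PORTS = {25, 53, 80, 443}  # assumed policy for this network


def unusual_port_flows(flows, expected_ports=EXPECTED_PORTS):
    """Anomaly check: connections to ports outside the expected set."""
    return {(src, dst, port) for _, src, dst, port, _ in flows
            if port not in expected_ports}


def high_volume_hosts(flows, byte_threshold=1_000_000):
    """Anomaly check: hosts whose total bytes out exceed the threshold."""
    totals = defaultdict(int)
    for _, src, _, _, nbytes in flows:
        totals[src] += nbytes
    return {src for src, total in totals.items() if total > byte_threshold}


def dns_group_activity(queries, window_s=5, min_hosts=3):
    """DNS check: a name resolved by many distinct hosts inside one short
    window, the group behaviour of bots locating their C&C server."""
    by_name = defaultdict(list)
    for ts, src, name in queries:
        by_name[name].append((ts, src))
    hits = {}
    for name, events in by_name.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {src for ts, src in events[i:] if ts - start <= window_s}
            if len(hosts) >= min_hosts:
                hits[name] = hosts
                break
    return hits


def periodic_peer_clusters(flows, min_hosts=2, tolerance=0.25):
    """Mining-style check: cluster hosts that contact the same (dst, port) at a
    regular interval. Several hosts beaconing in step to one endpoint is a
    stronger C&C signal than any single flow looked at alone."""
    stamps = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, port, _ in flows:
        stamps[(dst, port)][src].append(ts)
    clusters = {}
    for key, per_src in stamps.items():
        regular = {}
        for src, times in per_src.items():
            times.sort()
            if len(times) < 3:
                continue  # too few flows to judge periodicity
            gaps = [b - a for a, b in zip(times, times[1:])]
            mean = sum(gaps) / len(gaps)
            if mean > 0 and (max(gaps) - min(gaps)) / mean <= tolerance:
                regular[src] = mean
        if len(regular) >= min_hosts:
            clusters[key] = regular
    return clusters


def run_all(flows=FLOWS, queries=DNS_QUERIES):
    """Run every check and return one findings dict for the analyst."""
    return {
        "unusual_ports": unusual_port_flows(flows),
        "high_volume": high_volume_hosts(flows),
        "dns_groups": dns_group_activity(queries),
        "periodic_peers": periodic_peer_clusters(flows),
    }


if __name__ == "__main__":
    for check, result in run_all().items():
        print(f"{check}: {result}")
```

Each check on its own produces noise (a backup job is high volume, a patch server is queried by many hosts at once); the value of the mining step is that it correlates hosts, so the three beaconing hosts surface as one cluster even though each individual flow is tiny.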

Botnet Detection
Determining the source of a botnet-based attack is challenging:
  Traditional approach: every zombie host is an attacker
  Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack
  New trend: P2P networks

Preventing Botnet Infections
  Use a firewall
  Patch regularly and promptly
  Use Antivirus (AV) software
  Deploy an Intrusion Prevention System (IPS)
  Implement application-level content filtering
  Define a security policy and share policies with your users systematically

Botnet Research
  Logging onto the herder's IRC server to get info
  Passive monitoring: either listening between the infected machine and the herder, or spoofing the infected PC
  Active monitoring: poking around in the IRC server
  Sniffing traffic between the bot & control channel

Botnet Research: Monitoring
[Diagram: attacker, infected machine, IRC herder, researcher]

Conclusion
Botnets pose a significant and growing threat against cyber security.
They provide a key platform for many cyber crimes (DDoS).
Network security has become an integral part of our life, and botnets have become the most serious threat to it.
It is therefore very important to detect botnet attacks and find solutions for them.

References
B. Saha and A. Gairola, "Botnet: An overview," CERT-In White Paper CIWP-2005-05, 2005.
M. M. Masud, J. Gao, L. Khan, J. Han, B. Thuraisingham, "Peer to Peer Botnet Detection for Cyber-Security: A Data Mining Approach," ACM Portal.
M. Feily, A. Shahrestani, S. Ramadass, "A Survey of Botnet and Botnet Detection," Emerging Security Information, Systems and Technologies (SECURWARE '09), Third International Conference on, 2009, pp. 268–273. IEEE Conferences.
Z. Li, A. Goyal, Y. Chen, "Honeynet-based Botnet Scan Traffic Analysis," Northwestern University, Evanston, IL 60208.
B. AsSadhan, J. M. F. Moura, D. Lapsley, C. Jones, W. T. Strayer, "Detecting Botnets Using Command and Control Traffic," Network Computing and Applications (NCA 2009), Eighth IEEE International Symposium on, 2009, pp. 156–162. IEEE Conferences.
Y. Xie, F. Yu, "Spamming botnets: signatures and characteristics."

QUESTIONS

Thank you