A Multifaceted Approach to Understanding the Botnet Phenomenon
Authors: Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis
Publication: Internet Measurement Conference, IMC'06, Brazil, October 2006
Presenter: Richard Bares

What Is A Botnet?
- The term botnet refers to networks of infected end-hosts, called bots, that are under the control of a human operator, commonly known as the botmaster.
- Like other malware, botnets use software vulnerabilities to infect, or recruit, other machines.

What Makes A Botnet Different From Other Malware?
- Their defining characteristic is the use of a command and control (C&C) channel.
- These channels include:
  - IRC (Internet Relay Chat)
  - P2P (Peer to Peer)
  - HTTP

How A Botnet Works

How To Find Out More about Botnets?
- Malware collection of binary code
- Binary analysis via grey-box testing
- Longitudinal tracking of IRC botnets through IRC and DNS tracking

What kind of system is needed?

Malware Collection
- Use of a modified Nepenthes platform
  - Mimics replies of vulnerable services
  - Used to collect data on botnets using known exploits
- Honeypot made up of VMware machines
  - Used to collect data on botnets using unknown exploits

Binary Analysis
- Creation of a network fingerprint
  - Monitored VMware Windows XP
  - Collects IPs, DNS names, ports, and scans
- Extraction of IRC-related features
  - Used the UnrealIRC daemon
  - Monitored the infected VMware machine to find IRC channel passwords
  - Learns the botnet dialect and commands
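As an added example (not the presentation's or the paper's own tooling), the fingerprint step above can be reduced to a small summariser over the sandbox's outbound traffic: which names the binary resolves, which hosts and ports it contacts, and which ports show a scanning pattern. The flow-record format and all addresses are constructed assumptions.

```python
"""Build a network fingerprint from monitored sandbox traffic (added example)."""
from collections import defaultdict

# Constructed flow records as a sandbox sniffer might log them, one per line:
#   "dns <resolver-ip> 53 <queried-name>"  or  "tcp <dst-ip> <dst-port>"
SAMPLE_FLOWS = """\
dns 10.0.0.1 53 irc.example-c2.test.
tcp 192.0.2.10 6667
tcp 192.0.2.10 6667
tcp 198.51.100.1 445
tcp 198.51.100.2 445
tcp 198.51.100.3 445
tcp 198.51.100.4 445
tcp 198.51.100.5 445
dns 10.0.0.1 53 time.example.test
bogus line
"""

SCAN_THRESHOLD = 4  # this many distinct hosts on one port is treated as scanning


def fingerprint(flow_text, scan_threshold=SCAN_THRESHOLD):
    """Summarise the VM's outbound behaviour: names resolved, hosts and ports
    contacted, and which ports show a scanning pattern (many targets, one port).

    Returns a dict of sorted lists so two runs of the same sample compare equal.
    """
    dns_names, hosts, port_targets = set(), set(), defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed record: ignore rather than abort the analysis
        proto, dst = parts[0], parts[1]
        try:
            port = int(parts[2])
        except ValueError:
            continue
        if proto == "dns" and len(parts) >= 4:
            dns_names.add(parts[3].lower().rstrip("."))  # normalise the query name
            continue
        hosts.add(dst)
        port_targets[port].add(dst)
    scanned = sorted(p for p, t in port_targets.items() if len(t) >= scan_threshold)
    return {
        "dns": sorted(dns_names),
        "hosts": sorted(hosts),
        "ports": sorted(port_targets),
        "scanned_ports": scanned,  # likely propagation vector (445 in the constructed sample)
    }
```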

Tracking of Botnets
- IRC Tracker
  - Modified IRC client that mimics an infected PC
  - Responds to C&C while collecting data
- DNS Tracker
  - Monitors major DNS servers
  - Keeps track of requests for domain names found in botnet code
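The DNS tracker described above, as an added example that is not part of the presentation or the paper's code: it matches query logs from a monitored resolver against the C&C names recovered during binary analysis and counts requests and distinct clients per name, which gives a lower bound on the botnet's footprint. The log line format, the C&C names and the client addresses are constructed assumptions.

```python
"""DNS-side botnet footprint tracker (added example, not the paper's tooling)."""
from collections import defaultdict

# Constructed C&C names standing in for domains extracted from captured bot binaries.
CC_DOMAINS = {"cc.example-bot.test", "irc.example-c2.test"}

# Constructed resolver query log: "<timestamp> <client-ip> <qname> <qtype>" per line.
SAMPLE_LOG = """\
2006-10-01T10:00:01 10.0.0.5 cc.example-bot.test A
2006-10-01T10:00:02 10.0.0.7 www.example.test A
2006-10-01T10:00:04 10.0.0.5 cc.example-bot.test A
2006-10-01T10:00:09 10.0.0.9 update.irc.example-c2.test A
2006-10-01T10:00:11 10.0.0.12 IRC.EXAMPLE-C2.TEST. A
2006-10-01T10:00:15 10.0.0.7 mail.example.test MX
"""


def normalize(qname):
    """Lower-case and drop the trailing root dot so names compare cleanly."""
    return qname.lower().rstrip(".")


def matched_cc_domain(qname, cc_domains):
    """Return the C&C domain that qname equals or is a subdomain of, else None.

    The leading dot in the suffix test matters: "evil-cc.example-bot.test" is a
    different name and must not match "cc.example-bot.test".
    """
    q = normalize(qname)
    for d in cc_domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def track(log_text, cc_domains=CC_DOMAINS):
    """Return {cc_domain: {"requests": n, "clients": set_of_ips}} for matching queries.

    Distinct clients is a lower bound on the botnet's size: resolver caching and
    NAT hide many bots from the monitored server, so the true footprint is larger.
    """
    stats = defaultdict(lambda: {"requests": 0, "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: skip rather than abort
        client, qname = parts[1], parts[2]
        d = matched_cc_domain(qname, cc_domains)
        if d is not None:
            stats[d]["requests"] += 1
            stats[d]["clients"].add(client)
    return dict(stats)
```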

Botnet Structure
- 318 botnets observed, 60% of those IRC
- 70% of IRC botnets connected to one server
- 30% of IRC botnets connected to multiple servers
  - IRC servers connected together
  - Allowing a large number of bots to be controlled

Botnet Software Taxonomy
- Turns off anti-virus/firewalls
- Installs TCP identification software
- Installs a system security monitor
- Installs a registry monitor
- Support for multiple exploits
- Code allows for updates from the botmaster and adding new exploits to the botnet code

Contributions
- Expanded knowledge of botnets
- Formulated a way to track and estimate the growth and size of a botnet
- Formulated a way to capture botnet code
- Examined common botnet code

Weaknesses
- Did not cover HTTP or P2P botnets, even though these make up 30% of the botnets they observed
- Would need a considerable amount of research to find ways to track these botnets