BotNet Detection Techniques By Shreyas Sali


1 BotNet Detection Techniques By Shreyas Sali
Course: Network Security (CSCI – 5235) Instructor: Dr. T Andrew Yang 1

2 Outline
Introduction to Botnet
Botnet Life-cycle
Botnet in Network Security
Botnet Uses
Botnet Detection
Preventing Botnet Infection
Botnet Research
Conclusion
References

3 Introduction to Botnet
A Botnet is a network of compromised computers under the control of a remote attacker.
Botnet terminology:
Bot Herder (Bot Master)
Bot
Bot Client
IRC Server
Command and Control Channel (C&C)

4 Introduction to Botnet (Terminology)
[Diagram: Bot Master, IRC Server with IRC Channel, Code Server, Bots and Victim; arrows labelled C&C Traffic, Updates and Attack]

5 Botnet Life-cycle

6 Botnet Life-cycle

7 Botnet Life-cycle

8 Botnet Life-cycle

9 Botnet In Network Security
Internet users are getting infected by bots.
Many times corporate and end users are trapped in botnet attacks.
Today 16-25% of the computers connected to the internet are members of a botnet.
In this network the bots are spread across many locations, so it becomes difficult to track illegal activities.
This behavior makes a botnet an attractive tool for intruders and increases the threat to network security.

10 Botnet is Used For
[Diagram: Bot Master]

11 How Botnet is Used?
Distributed Denial of Service (DDoS) attacks
Sending spam
Phishing (fake websites)
Adware (Trojan horse)
Spyware (keylogging, information harvesting)
Click fraud
So it is really important to detect this attack.

12 Botnet Detection
Two approaches for botnet detection:
Setting up honeynets
Passive traffic monitoring, which can be:
Signature based
Anomaly based
DNS based
Mining based

13 Botnet Detection: Setting up Honeynets
Windows Honeypot
Honeywall
Responsibilities (information to record about a captured bot):
DNS/IP-address of IRC server and port number
(optional) password to connect to IRC-server
Nickname of bot
Channel to join and (optional) channel-password

14 Botnet Detection: Setting up Honeynets
[Diagram: Sensor and Bot Master; steps 1. Malicious Traffic, 2. Inform bot's IP, 3. Authorize]
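As an added example (not part of the original slides), the following Python parser shows how a honeywall analyst could pull the items slide 13 lists (IRC server address and port, server password, bot nickname, channel and channel key) out of a captured bot session. The session lines, the server name irc.example-c2.invalid, the nickname and the passwords are all constructed placeholders; the `looks_like_bot_nick` pattern is an assumed signature for the `[COUNTRY|OS]digits` nick style, not a rule from the slides.

```python
"""Extract IRC command-and-control parameters from a captured bot session.

Added example; the capture below is constructed and the C&C server name,
port, passwords and nickname are placeholders, not real indicators.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed capture of one honeypot -> IRC server session, in the form a
# honeywall sensor might log it: ">" = sent by the bot, "<" = sent by server.
CAPTURED_SESSION = [
    "conn 10.0.0.5:49321 -> irc.example-c2.invalid:6667",  # placeholder server
    "> PASS s3cretjoin",
    "> NICK [USA|XP]123456",
    "> USER bot 0 * :bot",
    "< :irc.example-c2.invalid 001 [USA|XP]123456 :Welcome",
    "> JOIN #cmd chanpass",
    "< :[USA|XP]123456!bot@10.0.0.5 JOIN :#cmd",
    "< :herder!h@c2 PRIVMSG #cmd :.scan.start",
]


@dataclass
class C2Profile:
    """The fields slide 13 asks the honeywall to record."""
    server: Optional[str] = None
    port: Optional[int] = None
    server_password: Optional[str] = None
    nickname: Optional[str] = None
    channels: dict = field(default_factory=dict)  # channel -> key (or None)


CONN_RE = re.compile(r"^conn \S+ -> (?P<host>[^:\s]+):(?P<port>\d+)$")

# Assumed signature for the common "[COUNTRY|OS]digits" bot nick style.
BOT_NICK_RE = re.compile(r"^\[[A-Z]{2,3}\|[A-Za-z0-9]+\]\d+$")


def profile_session(lines):
    """Walk the capture once and fill a C2Profile from the bot's own commands."""
    p = C2Profile()
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            p.server = m.group("host")
            p.port = int(m.group("port"))
            continue
        if not line.startswith("> "):
            continue  # only client->server commands carry the bot's credentials
        cmd, _, rest = line[2:].partition(" ")
        cmd = cmd.upper()
        if cmd == "PASS":
            p.server_password = rest.strip()
        elif cmd == "NICK":
            p.nickname = rest.strip()
        elif cmd == "JOIN":
            # RFC 1459 JOIN: "JOIN #a,#b key1,key2" (keys are optional)
            parts = rest.split()
            chans = parts[0].split(",")
            keys = parts[1].split(",") if len(parts) > 1 else []
            for i, ch in enumerate(chans):
                p.channels[ch] = keys[i] if i < len(keys) else None
    return p


def looks_like_bot_nick(nick):
    """Signature check on the nickname format (assumed pattern)."""
    return bool(nick and BOT_NICK_RE.match(nick))


if __name__ == "__main__":
    prof = profile_session(CAPTURED_SESSION)
    print(prof)
    print("bot-style nick:", looks_like_bot_nick(prof.nickname))
```

Only lines the bot itself sends are trusted for credentials; server replies echo the nick and channel but never the password, and the honeywall already knows the destination address and port from the connection record.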

15 Botnet Detection: Traffic Monitoring
Signature based: Detection of known botnets
Anomaly based: Detect botnets using the following anomalies:
High network latency
High volume of traffic
Traffic on unusual ports
Unusual system behaviour
DNS based: Analysis of DNS traffic generated by botnets

16 Botnet Detection: Traffic Monitoring
Mining based:
Botnet C&C traffic is difficult to detect
Anomaly based techniques are not useful
Data mining techniques – Classification, Clustering
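The following Python example is added here to make the anomaly-based and DNS-based bullets of slide 15 concrete; it is not code from the slides. It computes per-host features from constructed flow records and a constructed DNS log (traffic volume, traffic on unusual ports, destination fan-out, and the NXDOMAIN share of a host's DNS queries) and flags hosts that cross thresholds. The beaconing feature (regularity of inter-arrival times) and every threshold value are assumptions chosen for the sample data, not numbers from the presentation.

```python
"""Anomaly- and DNS-based botnet indicators from flow and DNS logs.

Added example. All records below are constructed; thresholds are assumed.
"""
import statistics
from collections import defaultdict

# Constructed flow records: (timestamp_s, src_host, dst_ip, dst_port, bytes_out)
FLOWS = [
    # hostA: contacts one external host every 60 s on a non-standard port
    *[(t, "hostA", "203.0.113.7", 6667, 120) for t in range(0, 600, 60)],
    # hostB: ordinary browsing, irregular timing, standard ports
    (5, "hostB", "198.51.100.2", 443, 4200),
    (47, "hostB", "198.51.100.9", 443, 8800),
    (130, "hostB", "198.51.100.2", 80, 1500),
    (301, "hostB", "198.51.100.14", 443, 6100),
    # hostC: high-volume burst to many destinations on port 25 (spam-like)
    *[(5 * i + 2 * (i % 3), "hostC", f"192.0.2.{i + 1}", 25, 50000) for i in range(120)],
]

# Constructed DNS log: (src_host, queried_name, rcode)
DNS = [
    ("hostA", "update.example.invalid", "NOERROR"),
    ("hostA", "qx7f3kd.invalid", "NXDOMAIN"),
    ("hostA", "zp0wlq2.invalid", "NXDOMAIN"),
    ("hostA", "m9v4tbh.invalid", "NXDOMAIN"),
    ("hostB", "www.example.invalid", "NOERROR"),
    ("hostB", "mail.example.invalid", "NOERROR"),
]

# Assumed "usual" destination ports for this network.
COMMON_PORTS = {22, 25, 53, 80, 123, 443, 587, 993, 995}


def flow_features(flows):
    """Per-host volume, port, fan-out and timing-regularity features."""
    per_host = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        per_host[src].append((ts, dst, port, nbytes))
    feats = {}
    for host, recs in per_host.items():
        recs.sort()
        ts = [r[0] for r in recs]
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Coefficient of variation of inter-arrival times: near 0 means
        # machine-regular beaconing; human activity is much more irregular.
        cv = None
        if len(gaps) >= 2 and statistics.mean(gaps) > 0:
            cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        feats[host] = {
            "flows": len(recs),
            "bytes_out": sum(r[3] for r in recs),
            "unusual_port_flows": sum(1 for r in recs if r[2] not in COMMON_PORTS),
            "distinct_dsts": len({r[1] for r in recs}),
            "beacon_cv": cv,
        }
    return feats


def dns_features(dns):
    """Per-host query count and NXDOMAIN count."""
    per_host = defaultdict(lambda: {"queries": 0, "nxdomain": 0})
    for host, _name, rcode in dns:
        per_host[host]["queries"] += 1
        if rcode == "NXDOMAIN":
            per_host[host]["nxdomain"] += 1
    return per_host


def score_hosts(flows, dns):
    """Return {host: [indicator, ...]}. Threshold values are assumptions."""
    ff, df = flow_features(flows), dns_features(dns)
    findings = {}
    for host in sorted(set(ff) | set(df)):
        f = ff.get(host, {})
        d = df.get(host, {"queries": 0, "nxdomain": 0})
        hits = []
        if f.get("beacon_cv") is not None and f["beacon_cv"] < 0.1 and f["flows"] >= 5:
            hits.append("periodic_beaconing")
        if f.get("unusual_port_flows", 0) > 0:
            hits.append("unusual_port")
        if f.get("bytes_out", 0) > 1_000_000:
            hits.append("high_volume")
        if f.get("distinct_dsts", 0) >= 50:
            hits.append("high_fan_out")
        if d["nxdomain"] >= 3 and d["nxdomain"] / d["queries"] >= 0.5:
            hits.append("nxdomain_burst")
        findings[host] = hits
    return findings


if __name__ == "__main__":
    for host, hits in score_hosts(FLOWS, DNS).items():
        print(host, hits or "-")
```

Each indicator on its own is weak (a backup job also beacons, a mail relay also fans out), which is why slide 16 moves on to mining-based approaches that combine such features; the per-host feature dictionaries produced here are the kind of input a classifier or clustering step would consume.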

17 Botnet Detection
Determining the source of a botnet-based attack is challenging:
Traditional approach: every zombie host is an attacker
Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack
New trend: P2P networks

18 Preventing Botnet Infections
Use a firewall
Patch regularly and promptly
Use antivirus (AV) software
Deploy an Intrusion Prevention System (IPS)
Implement application-level content filtering
Define a security policy and share policies with your users systematically

19 Botnet Research
Logging onto the herder's IRC server to get info
Passive monitoring: either listening between the infected machine and the herder, or spoofing the infected PC
Active monitoring: poking around in the IRC server
Sniffing traffic between bot & control channel

20 Botnet Research: Monitoring Attacker
[Diagram: Infected host, IRC Herder and Researcher; message "Hi!"]

21 Conclusion
Botnets pose a significant and growing threat to cyber security.
They provide a key platform for many cyber crimes (DDoS).
Network security has become an integral part of our life, and botnets have become the most serious threat to it.
It is very important to detect botnet attacks and find solutions for them.


23 QUESTIONS

24 Thank you

