Zhiyu Wan and Shunxing Bao BOTNET ATTACKS ON CYBER-PHYSICAL SYSTEM
OUTLINE
Botnet Introduction
Botnet Demonstrations
Defending Botnet Attacks
Cyber-Physical System (CPS) Introduction
Simulation of Botnet Attacks on CPS
WHAT IS A BOTNET
Virus: self-reproduces quickly on one computer
Trojan horse: hides itself as a safe file
Worm: propagates quickly through the Internet
Remote control software: legal, used by desktop users
Botnet: integrates all of the above
HOW A BOTNET WORKS
Zombie: Student John
Botmaster: Prof. Smith
Bot: Final Project
Ordinary User: Other Students
Victim: Dean
C&C Server: Coordinator
INFECTION
PROPAGATION
ATTACK COMMAND
ATTACK
SPAM
INFORMATION THEFT
DDOS
BOTNET HISTORY
Botnets are big business!

Date arrived       Estimate no.   Spam capacity       Name
2006 (around)      150,000        30 billion/day      Rustock
2007 (March)       450,000        60 billion/day      Srizbi
2008 (November)    10,500,        billion/day         Conficker
2009 (around)      560,           billion/day         Grum
[Diagram: Gpigeon Botnet DDoS Attack Scenario. Parties: botmaster, reflection server, webpage Trojan server, DNS server, domain name provider, zombies, victim. Labelled steps: browse malicious website; download bot; log in; update ip.txt (ftp:// /ip.txt); update domain name (huigezi.3322.org); update bot; scan / scan command; attack command; attack connection to victim. "All zombies are waiting for control command from botmaster!"]
P2P BOTNET
To avoid a single point of failure
Botmaster encrypts commands using its private key
Zombies decrypt them using the public key
COUNTERMEASURES
Honeypot – Know your Enemy
Modeling of a Honeynet to defend against Botnet attacks using GME
12/4/2012 FALL 2012 CS388 MODEL-INTEGRATED COMPUTING - FINAL PRESENTATION
REMOTE CONTROL DEMO
Remote Control Tool: Gpigeon
Platform: VMware
Attack: Information Theft
DDOS DEMO
DDoS tools: TFN2K, TRINOO
Platform: Deterlab
Attack: TCP SYN flood, UDP flood, ICMP flood
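As an added example (not part of the original slides or the authors' Deterlab setup), the following Python script shows how the three flood types in this demo look from the victim's side and how a defender can tell them apart from packet summaries: a SYN flood appears as many client SYNs that never progress to a completed handshake, while UDP and ICMP floods appear as raw per-protocol volume from many distinct sources. The log format, addresses and thresholds are constructed for illustration; 10.0.0.2 plays the hospital server and 10.0.1.x the zombies.

```python
from collections import defaultdict

# Constructed packet summaries (not a capture from the authors' Deterlab demo):
# "<time> <src> <dst> <proto> <flags>", where flags is the TCP flag string
# ("S" = SYN only, "SA" = SYN/ACK, "A" = bare ACK) or "-" for non-TCP traffic.
# 10.0.0.2 is the hospital server, 10.0.0.11/12 are operating-room clients that
# complete normal handshakes, 10.0.0.53 is a DNS server, 10.0.1.x are zombies.
SAMPLE_LOG = """\
0.01 10.0.0.11 10.0.0.2 tcp S
0.02 10.0.0.2 10.0.0.11 tcp SA
0.03 10.0.0.11 10.0.0.2 tcp A
0.05 10.0.0.12 10.0.0.2 tcp S
0.06 10.0.0.2 10.0.0.12 tcp SA
0.07 10.0.0.12 10.0.0.2 tcp A
0.10 10.0.1.1 10.0.0.2 tcp S
0.11 10.0.1.2 10.0.0.2 tcp S
0.12 10.0.1.3 10.0.0.2 tcp S
0.13 10.0.1.4 10.0.0.2 tcp S
0.14 10.0.1.5 10.0.0.2 tcp S
0.15 10.0.1.6 10.0.0.2 tcp S
0.16 10.0.1.7 10.0.0.2 tcp S
0.17 10.0.1.8 10.0.0.2 tcp S
0.18 10.0.1.1 10.0.0.2 tcp S
0.19 10.0.1.2 10.0.0.2 tcp S
0.20 10.0.0.11 10.0.0.53 udp -
0.21 10.0.0.12 10.0.0.53 udp -
0.30 10.0.1.1 10.0.0.3 icmp -
0.31 10.0.1.2 10.0.0.3 icmp -
0.32 10.0.1.3 10.0.0.3 icmp -
0.33 10.0.1.4 10.0.0.3 icmp -
0.34 10.0.1.5 10.0.0.3 icmp -
0.35 10.0.1.6 10.0.0.3 icmp -
"""


def parse(log_text):
    """Yield (time, src, dst, proto, flags) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, proto, flags = parts
        yield float(ts), src, dst, proto, flags


def summarize(log_text):
    """Per-destination view of the window: packets and distinct sources per
    protocol, plus the client SYNs that never led to a completed handshake.
    A client counts as completed once it sends a bare ACK (third handshake
    step); every SYN from a client that never does so is treated as half-open."""
    stats = defaultdict(lambda: {
        "pkts": defaultdict(int),      # proto -> packet count toward this dst
        "sources": defaultdict(set),   # proto -> set of source addresses
        "syn_pkts": defaultdict(int),  # src -> number of SYNs sent to this dst
        "completed": set(),            # sources that sent a bare ACK
    })
    for _, src, dst, proto, flags in parse(log_text):
        s = stats[dst]
        s["pkts"][proto] += 1
        s["sources"][proto].add(src)
        if proto == "tcp":
            if flags == "S":
                s["syn_pkts"][src] += 1
            elif flags == "A":
                s["completed"].add(src)
    result = {}
    for dst, s in stats.items():
        pending = [src for src in s["syn_pkts"] if src not in s["completed"]]
        result[dst] = {
            "pkts": dict(s["pkts"]),
            "sources": {p: len(v) for p, v in s["sources"].items()},
            "half_open_syns": sum(s["syn_pkts"][src] for src in pending),
            "half_open_sources": len(pending),
        }
    return result


def classify(log_text, min_pkts=6, min_sources=4):
    """Label each destination with the flood types seen in the window.
    Thresholds are illustrative; in practice they are rates per window sized
    to the server's backlog and link capacity."""
    verdicts = {}
    for dst, s in summarize(log_text).items():
        labels = []
        if s["half_open_syns"] >= min_pkts and s["half_open_sources"] >= min_sources:
            labels.append("syn_flood")
        for proto in ("udp", "icmp"):
            if s["pkts"].get(proto, 0) >= min_pkts and s["sources"].get(proto, 0) >= min_sources:
                labels.append(f"{proto}_flood")
        if labels:
            verdicts[dst] = labels
    return verdicts


if __name__ == "__main__":
    for dst, labels in classify(SAMPLE_LOG).items():
        print(dst, labels)
```

The distinct-source condition is what separates a botnet flood from a single noisy host: the zombies in the sample each send only one or two SYNs, so a per-source rate limit would never fire, while the per-destination half-open count exposes the attack immediately.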
WHAT IS NETWORK SIMULATION Real life Simulated life
WHY SIMULATION
It is not practical to conduct controlled experiments directly on the network
The real system is not available, or is complex, costly or dangerous
Quickly evaluate design alternatives
Remove uncertain factors
NS ADVANTAGES
Low cost (sometimes)
Debug
Variables
NS DRAWBACKS
Reflect reality?
Maybe slow
Uncertain factor
CYBER-PHYSICAL SYSTEM (CPS)
Cyber-physical systems (CPS) are physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication core. This intimate coupling between the cyber and the physical will be manifested from the nano-world to large-scale wide-area systems of systems, and at multiple time-scales. CPS will transform how we interact with the physical world.
HEALTHCARE SYSTEMS
HEALTHCARE SYSTEMS (CONT.)
In this case, we combine the network with a real device to build a small cyber-physical system that simulates the scenario of an operating room connected to the doctor and the hospital's server.
OMNET++
OMNeT++ is an extensible, modular, component-based C++ simulation library and framework, primarily for building network simulators. "Network" is meant in a broader sense that includes wired and wireless communication networks, on-chip networks, queueing networks, and so on.
Domain-specific functionality such as support for sensor networks, wireless ad-hoc networks, Internet protocols, performance modeling, photonic networks
INET FRAMEWORK
It is a network simulation package for OMNeT++
It contains models for several wired and wireless networking protocols, including UDP, TCP, SCTP, IP, IPv6, Ethernet, PPP, MPLS, OSPF, etc.
Body Area Networks, low-power embedded devices
PLATFORM IMPLEMENTATION
SIMPLE MODULE
Attacker
CommandAndControl
Zombie1-10
VictimHospital
Operatingroom1-3
ATTACK STEPS
Step 1: Build botnet
Step 2: Make command
Step 3: Start SYN flood attack
Step 4: Crash the hospital server
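The four steps above, seen from the hospital server's side, as an added example that is not code from the original presentation or its OMNeT++/INET model: a small discrete-event model in Python of a server with a bounded half-open TCP backlog under a SYN flood from the zombies. It compares the plain backlog against a shorter half-open timeout, a larger backlog, and SYN cookies (idealised here as keeping no per-SYN state at all), and reports what fraction of operating-room connection attempts still get through. All parameter values (10 zombies at 10 SYN/s each, 5 legitimate connections/s, a 32-entry backlog, a 3 s half-open timeout, attack starting at second 2) are constructed assumptions; times are integer milliseconds so the run is exact and repeatable.

```python
def simulate(zombies, syn_per_zombie_per_s, legit_per_s, backlog, timeout_ms,
             seconds, attack_start_s, syn_cookies=False, rtt_ms=50):
    """Discrete-event model (constructed for this example) of a server's
    half-open connection backlog.

    Zombies send SYNs that are never completed, so each one that gets into the
    backlog holds its slot until timeout_ms elapses.  Legitimate clients
    complete the handshake after rtt_ms and release their slot.  With SYN
    cookies the server stores nothing per SYN, so nothing can be exhausted.
    Returns counts of legitimate attempts, how many were admitted, and the
    peak backlog occupancy."""
    half_open = []              # expiry time (ms) of each occupied backlog slot
    attempted = accepted = peak = 0
    for t in range(seconds):
        base = t * 1000
        events = []
        # Steps 1-3 of the slide: once the botnet is built and the command is
        # sent, every zombie emits its SYNs spread evenly over each second.
        if t >= attack_start_s:
            n = zombies * syn_per_zombie_per_s
            events += [(base + (2 * k + 1) * 1000 // (2 * n), "zombie") for k in range(n)]
        # Operating-room clients keep trying to connect throughout.
        events += [(base + (2 * j + 1) * 1000 // (2 * legit_per_s), "legit")
                   for j in range(legit_per_s)]
        events.sort()
        for when, kind in events:
            half_open = [e for e in half_open if e > when]   # drop expired entries
            if kind == "legit":
                attempted += 1
                if syn_cookies or len(half_open) < backlog:
                    accepted += 1
                    if not syn_cookies:
                        half_open.append(when + rtt_ms)      # freed after the handshake
            elif not syn_cookies and len(half_open) < backlog:
                half_open.append(when + timeout_ms)          # never completed
            peak = max(peak, len(half_open))
    return {"attempted": attempted, "accepted": accepted,
            "accept_rate": accepted / attempted if attempted else 1.0,
            "peak_backlog": peak}


# Constructed scenario, not the authors' simulation parameters.
SCENARIO = dict(zombies=10, syn_per_zombie_per_s=10, legit_per_s=5, backlog=32,
                timeout_ms=3000, seconds=6, attack_start_s=2)


def run_comparison():
    """Run the same flood against four server configurations."""
    return {
        "plain_backlog": simulate(**SCENARIO),
        "short_timeout": simulate(**{**SCENARIO, "timeout_ms": 500}),
        "bigger_backlog": simulate(**{**SCENARIO, "backlog": 1024}),
        "syn_cookies": simulate(**SCENARIO, syn_cookies=True),
    }


if __name__ == "__main__":
    for name, r in run_comparison().items():
        print(f"{name:15s} admitted {r['accepted']:2d}/{r['attempted']} "
              f"legitimate connections, peak backlog {r['peak_backlog']}")
```

With the plain backlog, the first second of the flood fills all 32 slots and from then on only the two operating-room attempts that arrived before the backlog was full succeed (12 of 30 over the run, every one of them before second 2 or early in it), which is step 4 of the slide without any server crash being needed. Shortening the timeout alone does not help here: a backlog of 32 entries recycled every 0.5 s admits at most 64 SYN/s, still below the 100 SYN/s the ten zombies produce. A backlog larger than flood rate times timeout (here more than 300 entries) keeps every legitimate attempt succeeding, and SYN cookies remove the bounded resource altogether.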
FUTURE GOAL