Brett Stone-Gross, Christopher Kruegel, Kevin Almeroth (University of California, Santa Barbara); Andreas Moser (Technical University Vienna); Engin Kirda (Institute Eurecom). ACSAC, Dec 2009. A presentation at Advanced Defense Lab.

Outline: Introduction; Data Collection; Data Analysis; Evaluation; Related Work; Conclusions.

Introduction: Bullet-proof hosting (e.g. RBN); criminals' fear; usage; mechanism (malscore); key: longevity.

Data Collection – Botnet C&C: Tool: Anubis. IRC-based botnets; HTTP-based botnets (Pushdo, Cutwail).

Data Collection – Drive-by-Download Hosting Providers: Tools: Wepawet; a computer security company; Spamcop; Capture Honeypot Client (HPC) VMs (Windows XP without updates).

Data Collection – Phish Hosting Providers: Tool: PhishTank. Threshold time: one week.

Data Analysis: Time will tell between the rogue and legitimate networks.

Data Analysis (three slides of figures only).

Data Analysis – Threshold δ: IPs that are active for less than δ are discarded. Applied to the botnet and phishing data.

Malscore Computation: Once per day, FIRE produces three lists L_i. The issue of the "size" of an AS (Cooperative Association for Internet Data Analysis, CAIDA).
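The longevity threshold δ and the per-AS aggregation of the three daily lists, as an added illustration that is not the FIRE authors' code: the sightings, AS numbers and AS sizes below are constructed, and the size-normalised score is an assumed simplification, not the paper's actual malscore formula or its parameter C.

```python
# Added example (not the FIRE authors' code). The scoring formula is an
# ASSUMED simplification of the slides' idea, not the paper's malscore.
from collections import defaultdict
from datetime import date

# Constructed sample: (source list, IP, first seen, last seen, AS number)
SIGHTINGS = [
    ("botnet_cc", "198.51.100.7", date(2009, 6, 1), date(2009, 6, 30), 64500),
    ("botnet_cc", "198.51.100.8", date(2009, 6, 1), date(2009, 6, 2), 64500),  # short-lived
    ("driveby", "203.0.113.5", date(2009, 6, 3), date(2009, 6, 28), 64500),
    ("phishing", "192.0.2.10", date(2009, 6, 10), date(2009, 6, 12), 64501),  # short-lived
    ("driveby", "192.0.2.11", date(2009, 6, 1), date(2009, 6, 25), 64501),
]
AS_SIZE = {64500: 1024, 64501: 65536}  # assumed advertised address space per AS


def longevity_filter(sightings, delta_days):
    """Keep only IPs active for at least delta_days (the slides' threshold δ)."""
    return [s for s in sightings if (s[3] - s[2]).days + 1 >= delta_days]


def daily_lists(sightings):
    """Split surviving sightings into the three per-source lists L_i."""
    lists = defaultdict(set)
    for src, ip, *_ in sightings:
        lists[src].add(ip)
    return dict(lists)


def malscore(sightings, delta_days, as_size, c=1.0):
    """Per-AS score: long-lived malicious IPs across all lists, dampened by
    the square root of the AS's address space so that large providers are
    not ranked high on absolute counts alone. ASSUMED formula, not the paper's."""
    kept = longevity_filter(sightings, delta_days)
    per_as = defaultdict(set)
    for _src, ip, _first, _last, asn in kept:
        per_as[asn].add(ip)
    return {asn: c * len(ips) / (as_size[asn] ** 0.5) for asn, ips in per_as.items()}
```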

Evaluation – Correctness: ShadowServer Foundation; Google's Safe Browsing; ZeusTracker.

Evaluation – Completeness: What are we missing?

Choosing a Fine Threshold.

No Threshold Required.

Choosing a Fine Parameter – C.

Related Work: The Road of the King. Distinguish between compromised and deliberately malicious networks. Identify networks that are operated by criminals. Different filtering techniques.

Conclusions: A novel system to automatically identify and expose organizations and ISPs that demonstrate persistent, malicious behavior. Refine the collected data and correlate it to deduce the level of maliciousness for the identified networks.

Thank You.