Modeling Botnet Propagation Using Time Zones

Presentation transcript:

Modeling Botnet Propagation Using Time Zones
Published by: Cliff Zou, David Dagon, Wenke Lee
Presentation by: Corey Kuwanoe

Outline
- Background
- Data Collection
- Model
  - Time Zone
  - Diurnal
- Experiments
- Practical Usage

Background
- Botnets

Background (cont.)
- Heterogeneous
- Victims are obtained through viruses, worms and Trojans

Data Collection
- Command and Control servers
- Honeypots
- DNS manipulation

Time Zone Modeling
- Diurnal shaping function α(t): the fraction of vulnerable computers that are online at time t
- Periodic function with a 24 hr period

Diurnal Model for Single Time Zone
- I(t): number of infected hosts
- S(t): number of vulnerable hosts
- N(t): number of hosts that were originally vulnerable

Diurnal Model for Single Time Zone (cont.)
- I’(t) = α(t)I(t): number of online infected hosts
- S’(t) = α(t)S(t): number of online vulnerable hosts
- N’(t) = α(t)N(t): number of online hosts from N(t)

Diurnal Model for Single Time Zone (cont.)
- Worm propagation dynamics
- Worm propagation diurnal model
- β = proportion of scan rate / IP space
- γ = removal parameter

Diurnal Model for Single Time Zone (cont.)

Diurnal Model for Multiple Time Zones
- Hosts are partitioned into groups by time zone: 24 groups for 24 hours

Experiments
- Botnet grouping
- 350k members
- Random scanning
- Single domain
- Regions: North America, Asia, Europe

Experiments (cont.)

Experiments (cont.)

Experiments (cont.)

Experiments (cont.)
- Automatically derive α(t)
- Break down botnet traffic by region
- Process regional data:
  1. Split dataset into segments
  2. Normalize data in segments
  3. Average data in segments
  4. Remove monitor noise
  5. Normalize result
- Place α(t) in database
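The derivation steps above, as an added example that is not the authors' code: it runs the per-region segment/normalize/average/normalize pipeline over a constructed monitor log (hourly counts of bots seen online, two regions, three days). The circular three-point moving average used for "remove monitor noise" is an assumption; the slide does not say how the noise was removed.

```python
import math

def constructed_observations(days=3):
    """Constructed sample (not real monitor data): hourly counts of bots the
    monitor saw online, per region, for `days` days. Region A peaks at 14:00
    local time; region B is 8 hours ahead, so its peak lands at 06:00 on the
    monitor's clock. A small per-day offset stands in for day-to-day drift."""
    rows = []
    for day in range(days):
        for hour in range(24):
            t = day * 24 + hour
            a = 400 + 300 * math.cos(2 * math.pi * (hour - 14) / 24) + (day * 7) % 11
            b = 150 + 120 * math.cos(2 * math.pi * (hour + 8 - 14) / 24) + (day * 5) % 7
            rows.append((t, "A", a))
            rows.append((t, "B", b))
    return rows

def derive_alpha(rows, region, period=24):
    """Follow the slide's steps for one region and return alpha(t) as a list
    of `period` values in [0, 1]: split the region's series into whole
    periods, normalize each segment by its own peak so busy and quiet days
    weigh equally, average the segments hour by hour, smooth out monitor
    noise, then normalize so the busiest hour is exactly 1.0."""
    # Step 1: break down traffic by region and order it in time.
    series = sorted((t, count) for t, r, count in rows if r == region)
    counts = [count for _, count in series]
    # Step 2: split into full 24-hour segments (a trailing partial day is dropped).
    segments = [counts[i:i + period]
                for i in range(0, len(counts) - period + 1, period)]
    # Step 3: normalize each segment by its own maximum.
    normalized = [[c / max(seg) for c in seg] for seg in segments]
    # Step 4: average the segments hour by hour.
    averaged = [sum(seg[h] for seg in normalized) / len(normalized)
                for h in range(period)]
    # Step 5: remove monitor noise; assumption here: treat it as hour-to-hour
    # jitter and apply a circular three-point moving average.
    smoothed = [(averaged[h - 1] + averaged[h] + averaged[(h + 1) % period]) / 3
                for h in range(period)]
    # Step 6: normalize the result so max alpha(t) == 1.0.
    peak = max(smoothed)
    return [v / peak for v in smoothed]
```

Because each day is normalized by its own peak before averaging, the per-day drift in the sample cancels out and only the shape of the daily cycle survives, which is what α(t) is meant to capture.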

Experiments (cont.)

Practical Uses
- Time for releasing a worm
- Predict future propagation
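The multi-zone diurnal model from the earlier slides and the release-time question on this one, as an added example (not code from the paper or the presenter). The coupled equation form (online infected hosts of every zone scan one shared IP space), the cosine-shaped α(t), the three regions with their UTC offsets and populations, and the rates β and γ are all constructed assumptions; the page itself gives only the symbol definitions.

```python
import math

# Constructed groups (assumption): three regions as on the experiments slide,
# with UTC offsets and vulnerable populations summing to 350k. Not the paper's data.
GROUPS = [
    {"name": "North America", "offset": -5, "N": 150_000, "I0": 100},
    {"name": "Europe",        "offset": +1, "N": 100_000, "I0": 0},
    {"name": "Asia",          "offset": +8, "N": 100_000, "I0": 0},
]
BETA = 2e-6    # pairwise infection rate per hour (scan rate / IP space), constructed
GAMMA = 0.01   # removal (patching/cleaning) rate per hour, constructed

def diurnal_alpha(local_hour, low=0.3, peak=14.0):
    """Constructed alpha(t): fraction of a group's hosts online at local hour t.
    24 h period, 1.0 at `peak`, `low` twelve hours later."""
    return low + (1 - low) * (1 + math.cos(2 * math.pi * (local_hour - peak) / 24)) / 2

def simulate(groups, beta, gamma, hours, dt=0.05):
    """Euler-integrate the multi-zone diurnal model (assumed form, extending the
    single-zone model on the slides): the online infected hosts alpha_j(t)I_j(t)
    of every zone scan one shared IP space, so zone i gains
    beta * sum_j(alpha_j I_j) * alpha_i S_i and loses gamma * alpha_i I_i per hour.
    Returns the total infected count sampled once per hour."""
    I = [float(g["I0"]) for g in groups]
    S = [float(g["N"] - g["I0"]) for g in groups]
    per_hour, steps_per_hour = [], int(round(1 / dt))
    for step in range(int(round(hours / dt))):
        if step % steps_per_hour == 0:
            per_hour.append(sum(I))
        t = step * dt                                        # hours since release, UTC
        a = [diurnal_alpha(t + g["offset"]) for g in groups]
        scanning = sum(ai * Ii for ai, Ii in zip(a, I))      # infected hosts online now
        for i in range(len(groups)):
            new = min(beta * scanning * a[i] * S[i] * dt, S[i])
            S[i] -= new
            I[i] += new - gamma * a[i] * I[i] * dt
    return per_hour

def most_damaging_release_hour(groups, beta, gamma, horizon=12):
    """Practical use from the slide: run the model from each UTC release hour
    and report the one the model predicts spreads furthest within `horizon`
    hours, i.e. the window in which a defender should expect the fastest growth."""
    outcome = {}
    for h in range(24):
        shifted = [dict(g, offset=g["offset"] + h) for g in groups]
        outcome[h] = simulate(shifted, beta, gamma, horizon)[-1]
    return max(outcome, key=outcome.get), outcome
```

Swapping `diurnal_alpha` for a per-region α(t) derived from monitor data turns the same loop into the "predict future propagation" use: run it from the currently observed I(t) instead of from the constructed seed.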

Practical Uses (cont.)

Practical Uses (cont.)

Practical Uses (cont.)

Practical Uses (cont.)
- Successfully predicts the dynamics of botnets
- Does not predict the size of infected populations

Contributions
- Simple and intuitive model
- Accurate predictions of future propagation

Weaknesses
- Only accurate for scanning worms
- Email worms/viruses pose a problem for the model
- Predictions are only good for a limited amount of time
- Does not address multiple infection vectors