Presented by Aaron Ballew

Slides:

Advertisements

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Advertisements

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Zhiyun Qian, Z. Morley Mao (University of Michigan)

RB-Seeker: Auto-detection of Redirection Botnet Presenter: Yi-Ren Yeh Authors: Xin Hu, Matthew Knysz, Kang G. Shin NDSS 2009 The slides is modified from.

OFFENSE BY KALYAN MANDAGAUTAM BHASWAR.  4 years of study, covers only 6 Botnets reponsible for 79% of spam messages arriving at the University of Washington.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

Detecting Fraudulent Clicks From BotNets 2.0 Adam Barth Joint work with Dan Boneh, Andrew Bortz, Collin Jackson, John Mitchell, Weidong Shao, and Elizabeth.

Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

SMS Mobile Botnet Detection Using A Multi-Agent System Abdullah Alzahrani, Natalia Stakhanova, and Ali A. Ghorbani Faculty of Computer Science, University.

1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:

Bayesian Bot Detection Based on DNS Traffic Similarity Ricardo Villamarín-Salomón, José Carlos Brustoloni Department of Computer Science University of.

Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.

1. Introduction The underground Internet economy Web-based malware The system analyzing the post-infection network behavior of web-based malware How do.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.

Botnets An Introduction Into the World of Botnets Tyler Hudak

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Guofei Gu, Roberto Perdisci, Junjie Zhang, and.

Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.

Jonell Baltazar, A Trend Micro Research Paper (Retrieved May 2010).

Final Introduction ---- Web Security, DDoS, others

Understanding the Network-Level Behavior of Spammers Best Student Paper, ACM Sigcomm 2006 Anirudh Ramachandran and Nick Feamster Ye Wang (sando)

Using Traffic Shaping to Combat Spam David Cawley, Senior Engineer December 12th, 2007.

A Multifaceted Approach to Understanding the Botnet Phenomenon Authors : Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis Computer Science.

Botnet behavior and detection October RONOG Silviu Sofronie – a Head of Forensics.

Identification of Bot Commands By Run-time Execution Monitoring Younghee Park, Douglas S. Reeves North Carolina State University ACSAC

1 Fighting Comment Spam Employing the site’s audience, coding skills, and free distributed solutions to fight back.

Mapping Internet Sensors with Probe Response Attacks Authors: John Bethencourt, Jason Franklin, Mary Vernon Published At: Usenix Security Symposium, 2005.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin In First Workshop on Hot Topics in Understanding Botnets,

A Virtual Honeypot Framework Niels Provos Google, Inc. The 13th USENIX Security Symposium, August 9–13, 2004 San Diego, CA Presented by: Sean Mondesire.

Studying Spamming Botnets Using Botlab 台灣科技大學資工所楊馨豪 2009/10/201 Machine Learning And Bioinformatics Laboratory.

Understanding the Network-Level Behavior of Spammers Author: Anirudh Ramachandran, Nick Feamster SIGCOMM ’ 06, September 11-16, 2006, Pisa, Italy Presenter:

Understanding the network level behavior of spammers Published by :Anirudh Ramachandran, Nick Feamster Published in :ACMSIGCOMM 2006 Presented by: Bharat.

Studying Spamming Botnets Using Botlab

Search Worms, ACM Workshop on Recurring Malcode (WORM) 2006 N Provos, J McClain, K Wang Dhruv Sharma

The Koobface Botnet and the Rise of Social Malware Kurt Thomas David M. Nicol

Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.

Exploiting Network Structure for Proactive Spam Mitigation Shobha Venkataraman * Joint work with Subhabrata Sen §, Oliver Spatscheck §, Patrick Haffner.

Measurements and Mitigation of Peer-to-peer Botnets: A Case Study on Storm Worm Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix Freiling.

Speaker: Hom-Jay Hom Date:2009/10/20 Botnet Research Survey Zhaosheng Zhu. et al July 28-August

Real-Time Botnet Command and Control Characterization at the Host Level JHEN-HUANG Gao.

2009/6/221 BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure- Independent Botnet Detection Reporter : Fong-Ruei, Li Machine.

Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Conclusion.

© ETH Zürich | ID-KOM/NSG Simple Anomaly Detection via Netflows.

Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Proceedings.

Telnet Media. Telnet Media Ltd Surfing the Web Secure Content Management Products Reasons to implement Agenda.

DNS Forensics & Protection

Detecting DGA Botnets Using DNS Traffic

Top 5 Open Source Firewall Software for Linux User

DDoS Attacks on Financial Institutions Presentation

A lustrum of malware network communication: Evolution & insights

EN Lecture Notes Spring 2016

Speaker : YUN–KUAN,CHANG Date : 2009/11/17

Future Internet Presenter : Eung Jun Cho

Data Streaming in Computer Networking

BotCatch: A Behavior and Signature Correlated Bot Detection Approach

Risk of the Internet At Home

BOTNET JUDO : Fighting Spam with Itself

Information Security Session October 24, 2005

AKAMAI INTELLIGENT PLATFORM™

OPS235: Configuring a Network Using Virtual Machines – Part 2

“A Multifaceted Approach to Understanding the Botnet Phenomenon”

Firewalls Jiang Long Spring 2002.

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee

Malicious Hubs Sarah Jaffer.

CIPSEC Framework components: XL-SIEM

Botnet Detection by Monitoring Group Activities in DNS Traffic

Unconstrained Endpoint Profiling (Googling the Internet)‏

Presentation transcript:

Presented by Aaron Ballew Botlab Presented by Aaron Ballew

Context Prior Work Analyze incoming spam Reverse engineer a few bots Characterizes aggregate behavior Reverse engineer a few bots Not timely or scalable, due to all the clever ways bad guys use to obfuscate their bots Botlab analyzes incoming spam, but also compares it to outgoing spam generated by captive bots

Botlab Real-time monitoring Consumes incoming spam to get the latest & greatest “binaries” Uses captive bots to send outgoing spam as ground-truth Correlate the two to determine which botnets are most active at the moment, among other things Network fingerprint [protocol, ip, dns addy, port] based on current behavior, rather than reverse engineering. Things change too fast to reverse engineer everything. To be safe, the captive bots are sandboxed Still have to let a little traffic out to reach C&C (bad guy) servers That traffic is run through an anonymizer first, so the bad guys don’t know they’re being monitored.

Results Better spam filtering Created a Firefox plugin that blocked 40,000 malicious links, while two traditional blacklist techniques missed them all. Similar result with Google mail Found that 6 botnets generate 79% of the spam hitting UW Estimated the size of the spam lists at 4 major botnets

Botlab Conclusion Determines what botnets are doing what Adapts to changes in botnets’ behavior Produces info on the fly Causes no harm