Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Slides:

Advertisements

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Advertisements

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.

Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.

Hidden Markov Models Usman Roshan BNFO 601. Hidden Markov Models Alphabet of symbols: Set of states that emit symbols from the alphabet: Set of probabilities.

School of Computer Science and Information Systems

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

09 Dec 2010 DETECTION OF SIP BOTNET BASED ON C&C COMMUNICATIONS Mohammad AlKurbi.

BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection F. Tegeler, X. Fu (U Goe), G. Vigna, C. Kruegel (UCSB)

SMS Mobile Botnet Detection Using A Multi-Agent System Abdullah Alzahrani, Natalia Stakhanova, and Ali A. Ghorbani Faculty of Computer Science, University.

2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.

SECURING NETWORKS USING SDN AND MACHINE LEARNING DRAGOS COMANECI –

Automatically Generating Models for Botnet Detection Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda Vienna University.

Sravanthi Vattikuti Sri Harsha Devabhaktuni

Botnets An Introduction Into the World of Botnets Tyler Hudak

Introduction to Honeypot, Botnet, and Security Measurement

Attacks on Computer Systems

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel

Article presentation for: The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware Based on article by: Jaideep Chandrashekar,

An Evaluation model of botnet based on peer to peer Gao Jian KangFeng ZHENG,YiXian Yang,XinXin Niu 2012 Fourth International Conference on Computational.

 Collection of connected programs communicating with similar programs to perform tasks  Legal  IRC bots to moderate/administer channels  Origin of.

BotNet Detection Techniques By Shreyas Sali

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Amir Houmansadr CS660: Advanced Information Assurance Spring 2015

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Guofei Gu, Roberto Perdisci, Junjie Zhang, and.

Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.

11 Automatic Discovery of Botnet Communities on Large-Scale Communication Networks Wei Lu, Mahbod Tavallaee and Ali A. Ghorbani - in ACM Symposium on InformAtion,

Topics to be covered 1. What are bots,botnet ? 2.How does it work? 4.Prevention of botnet. 3.Types of botnets.

--Harish Reddy Vemula Distributed Denial of Service.

A Multifaceted Approach to Understanding the Botnet Phenomenon Authors : Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis Computer Science.

Nullcon Goa 2010http://nullcon.net Botnet Mitigation, Monitoring and Management - Harshad Patil.

Botnet behavior and detection October RONOG Silviu Sofronie – a Head of Forensics.

BOTNETS Presented By : Ramesh kumar Ramesh kumar 08EBKIT049 08EBKIT049 A BIGGEST THREAT TO INERNET.

Automated Classification and Analysis of Internet Malware M. Bailey J. Oberheide J. Andersen Z. M. Mao F. Jahanian J. Nazario RAID 2007 Presented by Mike.

Daniul Byrd. What are bots?  Software that automates tasks  Can network to share data and act in coordination.

Johannes Hassmund (2009), Project Report for Information Security Course, Linkoping University, Sweden. Speaker : Hung-Jen Chiang Studying IDS signatures.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin In First Workshop on Hot Topics in Understanding Botnets,

Speaker: Hom-Jay Hom Date:2009/11/17 Botnet, and the CyberCriminal Underground IEEE 2008 Hsin chun Chen Clinton J. Mielke II.

Host and Application Security Lesson 17: Botnets.

Published: Internet Measurement Conference (IMC) 2006 Presented by Wei-Cheng Xiao 2015/11/221.

Web Botnet Detection Based on Flow Information Chia-Mei Chen, Ya-Hui Ou, and Yu-Chou Tsai, National Sun Yat –Sen University,IEEE 2010.

Sid Stamm, Zulfikar Ramzan and Markus Jokobsson Erkang Xu.

Chien-Chung Shen Bot and Botnet Chien-Chung Shen

Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.

Measurements and Mitigation of Peer-to-peer Botnets: A Case Study on Storm Worm Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix Freiling.

A Multifaceted Approach to Understanding the Botnet Phenomenon Aurthors: Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis Publication: Internet.

Speaker:Chiang Hong-Ren An Investigation and Implementation of Botnet Detection Schemes.

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Presented by D Callahan.

Speaker: Hom-Jay Hom Date:2009/10/20 Botnet Research Survey Zhaosheng Zhu. et al July 28-August

2009/6/221 BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure- Independent Botnet Detection Reporter : Fong-Ruei, Li Machine.

Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Proceedings.

1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.

Sanmit Narvekar Department of Computer Science California State University, Los Angeles Advisor: Prof. Valentino Crespi.

Heat-seeking Honeypots: Design and Experience John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy and Martin Abadi WWW 2011 Presented by Elias P.

Speaker : YUN–KUAN,CHANG Date : 2009/11/17

BotCatch: A Behavior and Signature Correlated Bot Detection Approach

An overview over Botnets

Presentation transcript:

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008

Bots and Botnets Malicious self-propagating program Difficult to detect Most antivirus software is signature-based Ability to communicate and coordinate with botmaster IRC HTTP Prevalence Honeypots Size is power

Bot Infection Security flaws Port scanning Compromised servers Increase range Allow for communication indirection

Bot Attacks & Profits “Renting out” a botnet Spam DDoS Click fraud Identity theft

Bot Detection Indicators Similar requests Synchronization Problems Potentially little traffic Potential delay between command and action

Hidden Markov Models

Initial State Probabilities

Transition Probabilities

Observation Probabilities

Complete HMM

Example States: Observations: Question: What’s the weather been like? Example courtesy of

Modeling with HMMs Only given observations Generate most likely HMM that generates the sequence of states The Baum-Welch algorithm

The Process Collect network data Extract some characteristic HMM models underlying state of computer / network Test for similarity between HMMs Synchronization may result in greater similarity

Sample Data Variation Regular / random intervals Same / Different number of bot-initiated requests Synchronization With / Without user browsing