1 Botnets A Multifaceted Approach to Understanding the Botnet Phenomenon (Rajab/Zarfoss/Monrose/Terzis) Ryan Hannan Rohit Bhat Alan Mui Irfan Siddiqui.

2 Statistical Significance
What did they examine?
–800,000 DNS domains examined
–85,000 servers botnet-infected (11%)
–65 IRC server domain names
Is the above data statistically significant?
–Over 97,000,000 domain names exist
–73,500,000 .com domains (1% probed)
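As an added worked computation (not part of the slides or the Rajab et al. paper), the sampling error implied by the slide's own figures, with a finite-population correction against the 97,000,000 domains quoted; it shows that at n = 800,000 the pure sampling error on the 11% estimate is well under 0.1 percentage point, so the open question is whether the probed domains were representative rather than whether there were enough of them.

```python
import math

# Figures quoted on the slide (used here as constructed inputs)
SAMPLE_DOMAINS = 800_000          # DNS domains examined
INFECTED = 85_000                 # servers found botnet-infected (about 11%)
POPULATION_DOMAINS = 97_000_000   # domain names in existence
COM_DOMAINS = 73_500_000          # .com domains (slide says ~1% probed)


def proportion_ci(successes, n, population=None, z=1.96):
    """Normal-approximation confidence interval for a proportion.

    Applies a finite-population correction when the population size is
    given, so the result is the margin of error for a simple random sample
    of n out of `population`. Returns (point_estimate, half_width).
    """
    p = successes / n
    se = math.sqrt(p * (1 - p) / n)
    if population is not None and population > n:
        # FPC shrinks the error when the sample is a sizeable share of
        # the population; for 800k of 97M it changes almost nothing.
        se *= math.sqrt((population - n) / (population - 1))
    return p, z * se


def sampling_fraction(n, population):
    """Share of the population that was actually probed."""
    return n / population


def n_for_margin(p, margin, z=1.96):
    """Sample size needed for a given absolute margin of error at the
    given proportion, ignoring the finite-population correction."""
    return math.ceil(z * z * p * (1 - p) / (margin * margin))


if __name__ == "__main__":
    p, half = proportion_ci(INFECTED, SAMPLE_DOMAINS, POPULATION_DOMAINS)
    print(f"infected share: {p:.4f} +/- {half:.5f} (95% CI)")
    print(f".com domains probed: {sampling_fraction(SAMPLE_DOMAINS, COM_DOMAINS):.2%}")
    print(f"sample needed for +/-1 point at 11%: {n_for_margin(0.11, 0.01)}")
```

A random sample of a few thousand domains would already bound the proportion to within one point; the slide's sample size is not the weak spot, the selection of what was probed is.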

3 Statistical Significance
Ignored non-IRC based bots
–40% of bot traffic has been completely ignored
–Only reviewed C&C (command and control) channels
– , web, P2P, other methods were not examined

4 What was the focus of the testing?
Type-I bots (17% of total analysis)
–Type I bots are “worm-like botnets that continuously scan…”
Type-II bots (83% of total analysis)
–Type II bots are “botnets with variable scanning behavior” and “only scan after receiving a command…”

5 What was the focus of the testing?
Type-I bots (17% of total analysis)
–Type I bots are “worm-like botnets that continuously scan…”
Type-II bots (83% of total analysis)
–Type II bots are “botnets with variable scanning behavior” and “only scan after receiving a command…”
Since most of the analysis was conducted on Type-II bots, how much traffic was missed while waiting for commands to be initiated?

6 Study Duration
Study lasted 3 months
–Is this enough time to get an accurate set of sample data?
–Do we know this 3-month stretch was indicative of “normal” traffic?
–Do we know if anything happened during this 3-month period that could account for exceptionally high or low amounts of traffic?

7 Tracking Inaccuracies?
Consistent inconsistency? Traffic changes frequently!
*Data from

8 Tracking Inaccuracies?
What if the tracking was done April – June? How about Nov. – Jan.? Skewed results?
*Data from

9 How do they know what they saw?
Don’t want to be found
–Botmasters intentionally use stealth techniques to remain anonymous
–Bots, like all technologies, are constantly changing and evolving with time; new evolutions could already exist that they were unaware of
–Encryption is being used instead of passing commands as clear-text