Presentation transcript:

Report: 鄭志欣. Paper: Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel, and Giovanni Vigna, "Your Botnet is My Botnet: Analysis of a Botnet Takeover", in Proceedings of the ACM CCS, Chicago, IL, November 2009. Presented 2015/9/8, Machine Learning and Bioinformatics Lab.

- Data collection: 2009/1/25 ~ 2009/2/5
- 180,000 infections
- 70GB of data
- USD$ 83,000 ~ 8,300,000 (bank account and credit card)

- Introduction
- Botnet Analysis
- Threats and data analysis
- Conclusion

- The main purpose of this paper is to analyze the Torpig botnet's operations: the size of the botnet, and the personal information the botnet steals.

- Instead of fast-flux, Torpig uses a different technique for locating its C&C servers, which the authors refer to as domain flux.

- Data Collection and Format
- Submission Header
- Botnet Size vs. IP Count

- Data: 70GB (10 days)
- Protocol: HTTP POST requests
- Submission header vs. request body

Submission header fields:
- ts = time stamp
- ip = IP address of the infected host
- sport = SOCKS proxy port
- hport = HTTP port
- os = operating system version
- cn = locale
- nid = bot identifier
- bld and ver = build and version number of Torpig (gh5)


- Counting bots by submission header fields: the tuple (nid, os, cn, bld, ver) identifies one unique bot
- Probers and researcher hosts are removed from the data

[Chart: bots per hour over the collection period; 705 bots/hour]


- DHCP: ISPs recycle IP addresses, so the same bot can appear under several IPs over time
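An added example (not code from the paper or these slides) of the size-estimation method described above: each submission header is parsed, probers are dropped, and bots are counted by the (nid, os, cn, bld, ver) tuple rather than by distinct IP. The query-string header layout, the sample values and the empty-field prober filter are assumptions made for this example.

```python
from collections import defaultdict
from urllib.parse import parse_qs

REQUIRED = ("ts", "ip", "sport", "hport", "os", "cn", "nid", "bld", "ver")
BOT_KEY = ("nid", "os", "cn", "bld", "ver")  # tuple the slides use to identify one bot

# Constructed sample headers (not captured Torpig data). Bot A1 reports from three
# different IPs, as a DHCP-renewed home connection would; bots B2 and C3 share one
# IP behind a NAT; the last record is a malformed probe from a researcher host.
SAMPLE_HEADERS = [
    "ts=1232841600&ip=203.0.113.10&sport=1080&hport=8080&os=5.1.2600&cn=US&nid=A1&bld=b1&ver=229",
    "ts=1232848800&ip=203.0.113.11&sport=1080&hport=8080&os=5.1.2600&cn=US&nid=A1&bld=b1&ver=229",
    "ts=1232856000&ip=203.0.113.12&sport=1080&hport=8080&os=5.1.2600&cn=US&nid=A1&bld=b1&ver=229",
    "ts=1232841700&ip=198.51.100.7&sport=1081&hport=8081&os=5.1.2600&cn=IT&nid=B2&bld=b1&ver=229",
    "ts=1232841800&ip=198.51.100.7&sport=1082&hport=8082&os=6.0.6001&cn=IT&nid=C3&bld=b1&ver=229",
    "ts=1232841900&ip=192.0.2.55&sport=&hport=&os=&cn=&nid=&bld=&ver=",
]


def parse_header(raw):
    """Parse one query-string style submission header into a flat dict."""
    return {k: v[0] for k, v in parse_qs(raw, keep_blank_values=True).items()}


def is_valid_bot_record(rec):
    """Filter out probers / researcher hosts (assumption: a real bot fills every field,
    hand-crafted probes frequently leave fields empty or missing)."""
    return all(rec.get(field) for field in REQUIRED)


def bot_key(rec):
    """The header fields that together identify a single infected machine."""
    return tuple(rec[field] for field in BOT_KEY)


def estimate_size(raw_headers):
    """Return (distinct IPs, distinct bots, IPs seen per bot) after dropping probers."""
    records = [r for r in map(parse_header, raw_headers) if is_valid_bot_record(r)]
    ips_by_bot = defaultdict(set)
    for rec in records:
        ips_by_bot[bot_key(rec)].add(rec["ip"])
    distinct_ips = {rec["ip"] for rec in records}
    return len(distinct_ips), len(ips_by_bot), {k: sorted(v) for k, v in ips_by_bot.items()}


if __name__ == "__main__":
    ips, bots, per_bot = estimate_size(SAMPLE_HEADERS)
    print(f"distinct IPs: {ips}, distinct bots: {bots}")
    for key, addrs in per_bot.items():
        print(key[0], "seen from", addrs)
```

On this sample the IP count (4) already overstates the bot count (3), and the gap grows with the observation window because each DHCP renewal adds an IP without adding a bot.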

- Financial Data Stealing
- Password Analysis

- In ten days, Torpig obtained the credentials of 8,310 accounts at 410 different institutions. The top targeted institutions were PayPal (1,770 accounts), Poste Italiane (765), Capital One (314), E*Trade (304), and Chase (217).


- The authors found that a naive evaluation of botnet size based on the count of distinct IPs yields grossly overestimated results.
