A First Step Towards Characterizing Stealthy Botnets Justin Leonard, Shouhuai Xu, Ravi Sandhu University of Texas at San Antonio.

Overview Dynamic Graph Model Model Parameters Detection Ratio Resilience Impact of Topology Impact of Fragmentation Impact of Sophistication

Dynamic Graph Model Directed graph representation. Vertex set represents bots. Edge set represents the "knows" relation, e.g., (u,v) implies u can spontaneously communicate with v. Does capturing u imply exposure of v? An undirected graph is a special case.

Role of anonymous channels Anonymous channels offer a mechanism to communicate without exposing one's identity. Some implementations may allow duplex communication. Fully anonymous channels are assumed to be out of the botnet.

Roles of bots Master is considered out-of-botnet. Entry bot is a bot which directly receives communications from the master. Each bot relays communications over its out-edges according to the topology. Extreme case: every bot is an entry bot and the edge set is empty.

Model Parameters Attack sophistication α, β: α is the probability of exposure due to sending C&C, β is the probability of exposure due to receiving C&C. Anonymous channels may reduce or eliminate either. Out-of-botnet channels are undetectable.

Model Parameters Graph Topology: type of graph structure created by the adversary; assumed to be fixed over a single attack round. Detection Threshold k: master's estimation of the defender's detection capabilities; risk management of bots.

Detection Ratio Define exposedness as the probability that a bot has been captured after conducting some previous C&C activity, and potentially conducting some additional C&C activity. Detection ratio is the number of bots above the risk threshold k relative to the size of the botnet.

Resilience Complement of the ratio of the number of traceable bots to the size of the botnet. Tracing uses the knows relationship. Requires the restriction β > 0, i.e., we cannot trace backwards over receiver-anonymous channels in a single round.

Simulation Study It is difficult to combine the definitions with topologies analytically to gain insights, so we simulate. Intuitively, large-degree botnets are not stealthy, so we focus on small-degree P2P-style botnets. Initially investigated homogeneous topologies.
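The following Python simulation is an added example and is not the authors' code or the simulator behind the slides. It makes the slide-level notions from the Model Parameters, Detection Ratio, Resilience and Simulation Study slides concrete under assumptions of my own, each also stated in the code: one C&C round in which the master contacts every entry bot and each bot relays once over all its out-edges; independent per-message exposure with probability α for the sender and β for the receiver, so exposedness is e(v) = 1 - (1-α)^sent(v) · (1-β)^received(v); the defender captures every bot with e(v) > k and traces forward over out-edges, and backwards over in-edges only when β > 0. The in-regular and in-random generators and the equal versus sender-weighted (α, β) settings let you reproduce the kind of topology and sophistication comparison the later slides plot; the function names are mine.

```python
"""Toy simulation of the dynamic-graph botnet model sketched above.

Added example, not the authors' code. How the slide-level notions are made
concrete here is my assumption, not the paper's definition:
  * one C&C round: the master contacts every entry bot once; each bot relays
    once over all its out-edges the first time it receives the message;
  * each message exposes its sender with prob. alpha and its receiver with
    prob. beta, independently, so exposedness is
        e(v) = 1 - (1 - alpha)**sent(v) * (1 - beta)**received(v);
  * the defender captures every bot with e(v) > k, then traces forward over
    out-edges (a captured bot reveals who it knows) and, only when beta > 0,
    backwards over in-edges (a receiver can name its sender only if the
    receiving side of the channel is not anonymous).
"""
from __future__ import annotations

import random
from collections import deque
from typing import Dict, Iterable, Set, Tuple

Graph = Dict[int, Set[int]]  # bot -> bots it can spontaneously contact


def in_regular_graph(n: int, d: int, rng: random.Random) -> Graph:
    """Every bot has exactly d distinct in-neighbours; out-degree varies."""
    g: Graph = {v: set() for v in range(n)}
    for v in range(n):
        for u in rng.sample([x for x in range(n) if x != v], d):
            g[u].add(v)
    return g


def in_random_graph(n: int, d: int, rng: random.Random) -> Graph:
    """Same expected edge count as in_regular_graph(n, d), edges placed i.i.d."""
    p = d / (n - 1)
    return {u: {v for v in range(n) if v != u and rng.random() < p} for u in range(n)}


def one_round(g: Graph, entry: Iterable[int]) -> Tuple[Dict[int, int], Dict[int, int]]:
    """Flood one C&C message from the entry bots; count sends/receipts per bot."""
    sent = {v: 0 for v in g}
    received = {v: 0 for v in g}
    reached: Set[int] = set()
    queue: deque = deque()
    for v in entry:                      # master -> entry bot (master is out-of-botnet)
        received[v] += 1
        reached.add(v)
        queue.append(v)
    while queue:
        u = queue.popleft()
        for v in g[u]:                   # relay over every out-edge
            sent[u] += 1
            received[v] += 1
            if v not in reached:
                reached.add(v)
                queue.append(v)
    return sent, received


def exposedness(g: Graph, entry: Iterable[int], alpha: float, beta: float) -> Dict[int, float]:
    sent, received = one_round(g, entry)
    return {v: 1 - (1 - alpha) ** sent[v] * (1 - beta) ** received[v] for v in g}


def detection_ratio(expo: Dict[int, float], k: float) -> float:
    """Fraction of bots whose exposedness exceeds the master's risk threshold k."""
    return sum(1 for e in expo.values() if e > k) / len(expo)


def resilience(g: Graph, captured: Iterable[int], beta: float) -> float:
    """1 - |traceable| / |botnet|, tracing the knows relation from captured bots."""
    back: Graph = {v: set() for v in g}
    for u, outs in g.items():
        for v in outs:
            back[v].add(u)
    traced: Set[int] = set(captured)
    queue: deque = deque(traced)
    while queue:
        u = queue.popleft()
        frontier = set(g[u])             # forward: u's peer list names v
        if beta > 0:                     # backward only if receiving is not anonymous
            frontier |= back[u]
        for v in frontier:
            if v not in traced:
                traced.add(v)
                queue.append(v)
    return 1 - len(traced) / len(g)


def evaluate(g: Graph, entry: Iterable[int], alpha: float, beta: float, k: float) -> Dict[str, float]:
    expo = exposedness(g, entry, alpha, beta)
    captured = [v for v, e in expo.items() if e > k]
    return {"detection_ratio": detection_ratio(expo, k),
            "resilience": resilience(g, captured, beta)}


if __name__ == "__main__":
    rng = random.Random(1)
    n, d, entry = 200, 3, range(5)
    for name, g in (("in-regular", in_regular_graph(n, d, rng)),
                    ("in-random", in_random_graph(n, d, rng))):
        for label, a, b in (("equal", 0.05, 0.05), ("sender-weighted", 0.08, 0.02)):
            print(name, label, evaluate(g, entry, a, b, k=0.2))
```

Setting β = 0 models a receiver-anonymous channel: bots that only receive accumulate no exposedness, and a captured bot cannot be used to walk back to the bot that fed it, which is why the Resilience slide requires β > 0 for backward tracing.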

Impact of topology

Impact of Fragmentation In-degree regular vs random (out-degree is similar) detection ratio

Impact of Fragmentation In-degree regular vs random (out-degree is similar) resilience

Impact of Sophistication Equal detection vs sender weighted detection, in-random topology.

Impact of Sophistication Equal detection vs sender weighted detection, in-regular topology.

Future Issues Can we build a holistic framework for both C&C and attack activities? Can we extend the model for attack-defense interactions? How should we validate against real-world testbeds and case studies?

Questions?