Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Presentation transcript:

Protecting Web 2.0 Services from Botnet Exploitations
Second Cybercrime and Trustworthy Computing Workshop (CTC), 2010
Nguyen H Vo, Josef Pieprzyk
Department of Computing, Macquarie University, Australia
Reporter: 游明軒

Outline
- Introduction
- API Verifier
- Security analysis
- Conclusion & discussion

Introduction
- Web 2.0
  - Blogs, RSS, social networking sites, etc.
- Web based bots
  - Use a Web 2.0 service as a C&C channel
  - Unlike traditional bots sitting on an IRC channel, web based bots do not keep permanent connections
- The authors implement a tool, API Verifier, to detect web based bots

Web based botnet

Botnet detection methods
- Analysis of network traffic flows
- Network traceback
- Honeypots
- These techniques do not cover web based botnets, because the bot activities are indistinguishable from those of legitimate users and websites

API Verifier
- Motivation
  - Because a web based bot must use Web 2.0 service APIs, API Verifier is implemented to verify whether a user is a person or a bot
- Approach
  - Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
  - MAC address as identifier

API Verifier - architecture
- Components
  - API Verifier Client
  - API Verifier Server

API Verifier - functionality
- Authentication
  - User profile
  - Session key
    - Encrypts the MAC address
    - Generated independently each time an API call is made
  - Permanent MAC address
- CAPTCHA verification

API Verifier – work flow

Security analysis
- Spoofing MAC address
- API Verifier Client fraud
- DDoS attack
- By-passing CAPTCHA verification

Spoofing MAC address
- Change MAC address (1a)
  - Hijacking the OS kernel and modifying the OS communication with the NIC is expensive
  - Carries a high risk of detection
- Change the encrypted MAC address (1b)
  - The session key is generated for each API call and is a combination of the secret key and a time token
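The per-call session key in (1b), sketched as an added example that is not taken from the slides or the paper: the key is derived from the client secret and a time token, so a protected MAC value captured from one call is rejected on any later call. Assumptions: an HMAC-SHA256 tag stands in for the AES-128 encryption the slides mention, and the derivation, the 5-second freshness window, the increasing-token check and all names and values are constructed for illustration.

```python
import hashlib
import hmac

MAX_SKEW_MS = 5_000  # assumed freshness window for the time token


def session_key(secret: bytes, token: int) -> bytes:
    """128-bit per-call key from the client secret and a time token (assumed derivation)."""
    return hmac.new(secret, str(token).encode(), hashlib.sha256).digest()[:16]


def client_message(secret: bytes, mac: str, now_ms: int) -> tuple[int, str]:
    """What the client attaches to one API call: the time token and the protected MAC."""
    key = session_key(secret, now_ms)
    tag = hmac.new(key, mac.lower().encode(), hashlib.sha256).hexdigest()
    return now_ms, tag


class Verifier:
    """Server side: holds the client secret and the MAC stored in the user profile."""

    def __init__(self, secret: bytes, profile_mac: str):
        self.secret = secret
        self.profile_mac = profile_mac.lower()
        self.last_token = -1  # highest time token accepted so far

    def verify(self, token: int, tag: str, now_ms: int) -> str:
        if abs(now_ms - token) > MAX_SKEW_MS:
            return "stale"      # token too old or too far in the future
        if token <= self.last_token:
            return "replayed"   # value already used on an earlier call
        key = session_key(self.secret, token)
        expected = hmac.new(key, self.profile_mac.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "mismatch"   # different MAC address or wrong secret
        self.last_token = token
        return "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # constructed sample values
    server = Verifier(secret, "00:11:22:33:44:55")
    token, tag = client_message(secret, "00:11:22:33:44:55", 1_000_000)
    print(server.verify(token, tag, 1_000_200))  # first use of the value
    print(server.verify(token, tag, 1_000_300))  # same value sent again
```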

API Verifier Client fraud
- It is hard to recover the secret key of the API Verifier Client
  - AES 128-bit
- It is hard to disassemble the API Verifier Client
  - Obfuscation technique

DDoS attack
- Set a limit on the number of verification attempts
  - A finite number of attempts to solve the CAPTCHA
  - A time interval before the next MAC address verification
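The two limits on this slide, sketched server-side as an added example that is not from the slides or the paper: a cap on failed CAPTCHA attempts and a minimum interval between MAC address verifications, tracked per user profile. The limit values, class names and return strings are assumptions.

```python
from dataclasses import dataclass

MAX_CAPTCHA_TRIES = 3        # assumed cap on failed CAPTCHA attempts
MAC_RECHECK_SECONDS = 60.0   # assumed interval between MAC verifications


@dataclass
class ClientState:
    captcha_failures: int = 0
    next_mac_check: float = 0.0   # earliest time another MAC check is accepted
    blocked: bool = False


class AttemptLimiter:
    """Per-user bookkeeping the verification server consults before doing any work."""

    def __init__(self) -> None:
        self.clients: dict[str, ClientState] = {}

    def _state(self, user: str) -> ClientState:
        return self.clients.setdefault(user, ClientState())

    def may_verify_mac(self, user: str, now: float) -> bool:
        """Allow a MAC verification only if the interval has elapsed and the user is not blocked."""
        state = self._state(user)
        if state.blocked or now < state.next_mac_check:
            return False
        state.next_mac_check = now + MAC_RECHECK_SECONDS
        return True

    def captcha_result(self, user: str, solved: bool) -> str:
        """Record one CAPTCHA attempt; block the user once the failure cap is reached."""
        state = self._state(user)
        if state.blocked:
            return "blocked"
        if solved:
            state.captcha_failures = 0
            return "verified"
        state.captcha_failures += 1
        if state.captcha_failures >= MAX_CAPTCHA_TRIES:
            state.blocked = True
            return "blocked"
        return "retry"
```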

By-passing CAPTCHA verification
- Analyze the picture and extract the characters on the image
- Send the image to the attacker to solve it

System shortcoming
- API Verifier cannot get the permanent MAC address on a virtual machine

Conclusion & discussion
- Proposes a novel approach against web based botnets. The main concept is to identify whether a user is a person or a bot
- Implements a system, API Verifier, to detect the bots before they access the web service API
- For security, the authors consider all possible attacks and defend against them
- The DDoS attack issue still exists
- Lacks convincing real-world statistics as proof

Thanks