Botnet Mitigation, Monitoring and Management - Harshad Patil (nullcon Goa 2010, http://nullcon.net)

Presentation transcript:


Agenda
- Introduction
- Why do they use botnets?
- Attack vectors: where are they used?
- Taxonomy of botnets and how they operate
- Detection and prevention of botnets
- Some recent botnets
- Current botnet mitigation efforts
- Botnet monitoring

Introduction
- What are bots, botnets, botmasters, zombies, IRC and P2P?
- Three characteristic attributes of a bot: a remote control facility, the implementation of several commands, and a spreading mechanism

What is DoS?
Annotated summary of one attack (source: ISC):
- Duration: about an hour and 15 minutes
- Misuse type: Null TCP
- IP protocol 6 (TCP)
- No flags set (Null TCP)
- Sources: /0, i.e. very well distributed or source-spoofed IPs
- Very well distributed source ports
- Target: xx.xx.X.X/32, which turns out to be an Undernet IRC server
- Destination port 6667 (IRC)
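The attack summary above is what a flow-level view of a Null-TCP flood looks like: one destination, one port, a very large number of distinct sources and source ports, and flows carrying no TCP flags at all. The following is an added example, not code from the talk, that turns those observations into a small detector over constructed NetFlow-like records. The record format, the thresholds (`MIN_SOURCES`, `MIN_NULL_RATIO`) and the sample addresses are assumptions made for the example.

```python
"""Flag a Null-TCP flood in flow records (constructed example, not from the talk)."""
from collections import defaultdict

# Detection thresholds: assumptions for this example, tune to your own baseline.
MIN_SOURCES = 50        # distinct source IPs hitting one dst:port
MIN_NULL_RATIO = 0.9    # share of TCP flows that carry no flags at all


def build_sample_flows():
    """Constructed NetFlow-like records, one per line:
    'start_epoch src_ip src_port dst_ip dst_port proto tcp_flags packets'."""
    lines = []
    # 200 widely distributed (or spoofed) sources sending flag-less TCP to an IRC
    # server over roughly 73 minutes; all addresses are documentation ranges.
    for i in range(200):
        src_ip = f"198.51.{i // 256}.{i % 256}"
        src_port = 1024 + (i * 37) % 60000
        lines.append(f"{1000 + i * 22} {src_ip} {src_port} 203.0.113.5 6667 6 NONE 40")
    # A few ordinary HTTPS sessions to a web server, for contrast.
    for i in range(5):
        lines.append(f"{1000 + i * 900} 192.0.2.{10 + i} {40000 + i} 203.0.113.80 443 6 SPA 120")
    return "\n".join(lines)


def parse_flows(text):
    """Parse the whitespace-separated records into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, sip, sport, dip, dport, proto, flags, pkts = line.split()
        records.append({
            "start": int(start), "src_ip": sip, "src_port": int(sport),
            "dst_ip": dip, "dst_port": int(dport), "proto": int(proto),
            "flags": flags, "packets": int(pkts),
        })
    return records


def analyze(records):
    """Group TCP flows by destination and compute the indicators the ISC
    summary lists: source spread, source-port spread, flag-less share, duration."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["dst_ip"], r["dst_port"])].append(r)

    findings = {}
    for key, flows in groups.items():
        tcp = [f for f in flows if f["proto"] == 6]
        if not tcp:
            continue
        null_ratio = sum(1 for f in tcp if f["flags"] == "NONE") / len(tcp)
        sources = {f["src_ip"] for f in tcp}
        sports = {f["src_port"] for f in tcp}
        starts = [f["start"] for f in tcp]
        findings[key] = {
            "flows": len(tcp),
            "distinct_sources": len(sources),
            "distinct_source_ports": len(sports),
            "null_flag_ratio": round(null_ratio, 3),
            "duration_s": max(starts) - min(starts),
            "flagged": len(sources) >= MIN_SOURCES and null_ratio >= MIN_NULL_RATIO,
        }
    return findings


if __name__ == "__main__":
    for (dst, port), f in analyze(parse_flows(build_sample_flows())).items():
        print(f"{dst}:{port}", f)
```

The flag-less share is the discriminating signal here: legitimate TCP flows always carry at least SYN, ACK or FIN, so a large set of sources sending flows with no flags to one port is not a client population, and the wide spread of source addresses and ports is what makes per-source rate limiting useless against it.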

Why botnets?
- Capability of a botnet
- Botnet economy
- Self-propagation
- Robustness
- Efficiency
- Effectiveness
- Use of different encryption systems
- P2P botnet advantages!

Attack vectors
- Spamming
- Phishing
- Click fraud (Google AdSense)
- Sniffing traffic: corporate espionage, identity theft
- Keystroke logging
- Data mining
- Manipulating online MMOGs

How they operate
- How botmasters discover new bots
- Two architectures: C&C (centralized) and P2P
- Communication between the bot and the botmaster
- Botnet complexity
- How they evade IDS and honeypots

C&C architecture (diagram; labels: Botmaster, C&C, Bots)

P2P architecture (diagram; labels: Botmaster, C&C, Bots)

Concerning factors
- Complexity of the Internet
- Shortest compromise time: a few seconds
- Extradition issues and different laws in different countries
- Easy to escape detection techniques with new encryption types (e.g. Conficker's use of MD6)

Concerning factors (three figure slides; the first courtesy of McAfee)

Protection, Detection, Remediation

Detection
- Nepenthes, HoneyBow
- Observe the behaviour of bots: network-based behaviour and host-based behaviour
- BotHunter: vertical correlation, i.e. correlation of the behaviours of a single host
- BotSniffer: horizontal correlation, on centralized C&C botnets
- BotMiner: extension of BotSniffer, with no limitation on the C&C type
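The two correlation styles on this slide are easiest to see side by side on the same event stream. The block below is an added example, not code from the talk or from the BotHunter/BotSniffer projects: it runs a deliberately simplified vertical correlation (one host's infection dialog: inbound exploit, egg download, C&C connection, outbound scanning) and a simplified horizontal correlation (several hosts sharing one C&C endpoint and then doing the same thing at nearly the same time) over constructed sensor events. The event schema, the stage names, the window sizes and the `min_hosts` threshold are assumptions; the real tools use weighted dialog scoring and statistical group-activity tests that this example does not reproduce.

```python
"""Vertical vs horizontal correlation on constructed sensor events (example, not the tools' code)."""
import csv
from collections import defaultdict
from io import StringIO

# Constructed events: ts,host,kind,detail (all addresses are documentation ranges).
SAMPLE_EVENTS = """\
ts,host,kind,detail
100,10.0.0.5,inbound_exploit,203.0.113.9
105,10.0.0.5,binary_download,http://download.example/egg.exe
120,10.0.0.5,cnc_connect,198.51.100.7:6667
150,10.0.0.8,cnc_connect,198.51.100.7:6667
160,10.0.0.9,cnc_connect,198.51.100.7:6667
170,10.0.0.12,cnc_connect,198.51.100.7:6667
300,10.0.0.5,outbound_scan,445
310,10.0.0.8,outbound_scan,445
320,10.0.0.9,outbound_scan,445
330,10.0.0.12,outbound_scan,445
400,10.0.0.20,cnc_connect,198.51.100.50:6667
"""
# 10.0.0.20 is an ordinary IRC user: one connection and no follow-on activity.

# Dialog stages in the order an infection normally unfolds (assumed for this example).
DIALOG_STAGES = ("inbound_exploit", "binary_download", "cnc_connect", "outbound_scan")


def load_events(text):
    rows = list(csv.DictReader(StringIO(text)))
    for r in rows:
        r["ts"] = int(r["ts"])
    return rows


def vertical_correlation(events, window=600):
    """BotHunter-style, simplified: look at ONE host's dialog. Report the host when at
    least two distinct stages, one of them the egg download or a C&C connection,
    occur within `window` seconds of each other."""
    by_host = defaultdict(list)
    for e in events:
        if e["kind"] in DIALOG_STAGES:
            by_host[e["host"]].append(e)
    verdicts = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        stages = {e["kind"] for e in evs}
        in_window = evs[-1]["ts"] - evs[0]["ts"] <= window
        core = bool(stages & {"binary_download", "cnc_connect"})
        verdicts[host] = {
            "stages": sorted(stages, key=DIALOG_STAGES.index),
            "infected": in_window and core and len(stages) >= 2,
        }
    return verdicts


def horizontal_correlation(events, window=300, min_hosts=3):
    """BotSniffer-style, simplified: hosts that share one C&C endpoint and then show
    the same activity within `window` seconds are reported as a group. A single host
    talking to an IRC server is not enough; the group response is the signal."""
    members = defaultdict(set)
    for e in events:
        if e["kind"] == "cnc_connect":
            members[e["detail"]].add(e["host"])
    groups = {}
    for endpoint, hosts in members.items():
        # Activity responses of the group's members, keyed by (kind, detail).
        responses = defaultdict(list)
        for e in events:
            if e["host"] in hosts and e["kind"] != "cnc_connect":
                responses[(e["kind"], e["detail"])].append((e["ts"], e["host"]))
        best = 0
        for hits in responses.values():
            hits.sort()
            # Sliding window: how many distinct hosts did the same thing within `window`?
            for i, (t0, _) in enumerate(hits):
                synced = {h for t, h in hits[i:] if t - t0 <= window}
                best = max(best, len(synced))
        groups[endpoint] = {
            "hosts": sorted(hosts),
            "max_synchronized_hosts": best,
            "flagged": len(hosts) >= min_hosts and best >= min_hosts,
        }
    return groups


if __name__ == "__main__":
    ev = load_events(SAMPLE_EVENTS)
    print(vertical_correlation(ev))
    print(horizontal_correlation(ev))
```

Note what each view misses: vertical correlation needs enough of one host's dialog to be visible to the sensor (a bot that was already infected before monitoring started shows only the later stages), while horizontal correlation needs several bots behind the same sensor and a centralized rendezvous point, which is exactly the limitation the slide notes for BotSniffer and that BotMiner removes by clustering on traffic and activity patterns instead of on a shared C&C endpoint.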

Protection
- Honeynets
- IDS: Snort
- Tripwire
- OurMon
- CWSandbox

Current mitigation efforts (heading only; slide body not captured in the transcript)

Botnet monitoring system (heading only; slide body not captured in the transcript)

Some current cases
- Torpig
- Conficker
- A current Flash 0-day attack

Torpig details (heading only; slide body not captured in the transcript)

Conclusion
- Bots pose a threat to individuals and corporate environments
- Uses: DDoS attacks, spam, stealing, spying, hacking, ...
- Defence: prevention (honeypots, IPS, network analysis tools); detection (IDS, analysis tools); management
- "Understanding security failures is much like anticipating that houses catch on fire and smoke detectors save lives."