Real-Time Botnet Command and Control Characterization at the Host Level 2013.10.24 JHEN-HUANG Gao.

Presentation transcript:

Real-Time Botnet Command and Control Characterization at the Host Level JHEN-HUANG Gao

Basic Information (1/7)
- Title: Real-Time Botnet Command and Control Characterization at the Host Level
- Authors & institution: Farhood Farid Etemad, Payam Vahdani
- Publication: 6th International Symposium on Telecommunications
- Year: 2012
- Cited (Google): 0

Outline (2/7)
- Introduction
- Architecture
- Detect bot
- Real-Time Filtering
- Conclusion

Introduction (3/7)
- Botnets and other kinds of malware
- C&C is centralized or decentralized
- Botnets can cause many problems
- Normal solution

Architecture (4/7)
- IRC protocol strings: NICK, PASS, USER, JOIN, PRIVMSG, OPER, MOTD
- Example exchange: Client -> Server: "Get me the file 'website.html'"; Server -> Client: "Here is the file", followed by the file's content
- HTTP protocol: GET, POST, HEAD

Detect bot (5/7)
- IRC part
  - Td > Tdh: normal IRC
  - Td < Tdh: malicious IRC
- HTTP part
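The Architecture and Detect-bot slides describe a host-level check: classify each outbound line by its IRC protocol string or HTTP method, then compare Td against Tdh for IRC sessions. The following is an added example illustrating that rule, not code from the slides or from the paper's authors; it assumes Td is the mean inter-message delay of the session and Tdh a configurable threshold (the slides do not define either), and the sessions are constructed sample data.

```python
import re
from dataclasses import dataclass

# IRC commands and HTTP methods named on the Architecture slide.
IRC_COMMANDS = {"NICK", "PASS", "USER", "JOIN", "PRIVMSG", "OPER", "MOTD"}
HTTP_METHODS = {"GET", "POST", "HEAD"}

# IRC message shape: [':' prefix SPACE] command [params]; HTTP request line.
IRC_LINE = re.compile(r"^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Za-z]+|\d{3})(?: (?P<params>.*))?$")
HTTP_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

@dataclass
class Message:
    ts: float   # seconds since session start
    text: str   # first line of the outbound message

def classify(text):
    """Return 'IRC', 'HTTP' or None for one outbound line seen at the host."""
    m = HTTP_LINE.match(text)
    if m and m.group("method") in HTTP_METHODS:
        return "HTTP"
    m = IRC_LINE.match(text)
    if m and m.group("cmd").upper() in IRC_COMMANDS:
        return "IRC"
    return None

def characterize_session(messages, tdh):
    """Label a session by dominant protocol; for IRC apply Td < Tdh => malicious.
    Assumption: Td = mean delay between consecutive messages (not defined on the slides)."""
    kinds = [k for k in (classify(m.text) for m in messages) if k]
    if not kinds:
        return {"protocol": None, "verdict": "unknown"}
    protocol = max(set(kinds), key=kinds.count)
    if protocol != "IRC":
        return {"protocol": protocol, "verdict": "HTTP (no rule given on the slide)"}
    gaps = [b.ts - a.ts for a, b in zip(messages, messages[1:])]
    td = sum(gaps) / len(gaps) if gaps else float("inf")
    verdict = "malicious IRC" if td < tdh else "normal IRC"
    return {"protocol": "IRC", "td": td, "verdict": verdict}

# Constructed sample sessions: a scripted bot logs in and joins fast; a human is slower.
BOT_SESSION = [Message(0.0, "NICK bot123"), Message(0.2, "USER bot123 0 * :bot"),
               Message(0.4, "JOIN #c2"), Message(0.5, "PRIVMSG #c2 :status")]
HUMAN_SESSION = [Message(0.0, "NICK alice"), Message(3.5, "USER alice 0 * :Alice"),
                 Message(9.0, "JOIN #chat"), Message(15.5, "PRIVMSG #chat :hi")]
HTTP_SESSION = [Message(0.0, "GET /index.html HTTP/1.1"), Message(1.0, "POST /upload HTTP/1.1")]

if __name__ == "__main__":
    for name, s in [("bot", BOT_SESSION), ("human", HUMAN_SESSION), ("http", HTTP_SESSION)]:
        print(name, characterize_session(s, tdh=2.0))
```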

Real-Time Filtering (6/7)
- Filtering malicious traffic after detection

Conclusion (7/7)
- Real-time method:
  - Advantages
    - Finds bots immediately
    - Simple to use
  - Weakness
    - Cannot be used on decentralized C&C

THANK YOU