Zhiyu Wan and Shunxing Bao BOTNET ATTACKS ON CYBER-PHYSICAL SYSTEM.


1 Zhiyu Wan and Shunxing Bao BOTNET ATTACKS ON CYBER-PHYSICAL SYSTEM

2 OUTLINE
- Botnet Introduction
- Botnet Demonstrations
- Defending Botnet Attacks
- Cyber-Physical System (CPS) Introduction
- Simulation of Botnet Attacks on CPS

3 WHAT IS A BOTNET
- Virus: Reproduces itself quickly within one computer
- Trojan horse: Disguises itself as a safe file
- Worm: Propagates quickly through the Internet
- Remote Control Software: Legal, desktop user
- Botnet: Integration of all of the above

4 HOW A BOTNET WORKS
- Zombie: Student John
- Botmaster: Prof. Smith
- Bot: Final Project

5 HOW A BOTNET WORKS
- Ordinary User: Other Students
- Victim: Dean
- C&C Server: Coordinator

6 INFECTION

7 PROPAGATION

8 ATTACK COMMAND

9 ATTACK

10 SPAM E-MAIL

11 INFORMATION THEFT

12 DDOS

13 BOTNET HISTORY
Botnets are big business!

Date arrived    | Estimate no.  | Spam capacity    | Name
2006 (around)   | 150,000       | 30 billion/day   | Rustock
2007 (March)    | 450,000       | 60 billion/day   | Srizbi
2008 (November) | 10,500,000++  | 10 billion/day   | Conficker
2009 (around)   | 560,000       | 39.9 billion/day | Grum

14 GPIGEON BOTNET DDOS ATTACK SCENARIO
[Diagram: botmaster, reflection server, webpage Trojan server, DNS server, domain name provider, zombies and victim. A user browses a malicious website and downloads the bot; the botmaster logs in to update the bot, ip.txt and the domain name; zombies scan, receive the command and attack the victim.]
All zombies are waiting for control command from botmaster!

15 P2P BOTNET
- To avoid single point of failure
- Botmaster encrypts commands using private key
- Zombies decrypt them using public key

16 COUNTERMEASURES
- Honeypot – Know your Enemy
- Modeling of Honeynet to defend Botnet attacks using GME
(12/4/2012, Fall 2012 CS388 Model-Integrated Computing, Final Presentation)

17 REMOTE CONTROL DEMO
- Remote Control Tool: Gpigeon
- Platform: VMware
- Attack: Information Theft

18 DDOS DEMO
- DDoS tools: TFN2K, TRINOO
- Platform: DETERLab
- Attack: TCP SYN flood, UDP flood, ICMP flood

19 WHAT IS NETWORK SIMULATION Real life Simulated life

20 WHY SIMULATION
- It is not practical to conduct controlled experiments directly on the network
- The real system is not available, or is complex, costly or dangerous
- Quickly evaluate design alternatives
- Remove uncertain factors

21 NS ADVANTAGES Low cost(sometimes) Debug Variables

22 NS DRAWBACKS
- Reflect reality?
- Maybe slow
- Uncertain factor

23 CYBER-PHYSICAL SYSTEM (CPS)
- Cyber-physical systems (CPS) are physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication core.
- This intimate coupling between the cyber and physical will be manifested from the nano-world to large-scale wide-area systems of systems, and at multiple time-scales.
- Transform how we interact with the physical world

24 HEALTHCARE SYSTEMS

25 HEALTHCARE SYSTEMS (CONT.)
In this case, we combine the network with the real device to build a small cyber-physical system that simulates the scenario in which the operating room connects with the doctor and the hospital's server.

26 OMNET++
- OMNeT++ is an extensible, modular, component-based C++ simulation library and framework, primarily for building network simulators.
- "Network" is meant in a broader sense that includes wired and wireless communication networks, on-chip networks, queueing networks, and so on.
- Domain-specific functionality such as support for sensor networks, wireless ad-hoc networks, Internet protocols, performance modeling, photonic networks

27 INET FRAMEWORK
- It is a network simulation package for OMNeT++
- It contains models for several wired and wireless networking protocols, including UDP, TCP, SCTP, IP, IPv6, Ethernet, PPP, 802.11, MPLS, OSPF, etc.
- Body Area Networks, low-power embedded devices

28 PLATFORM IMPLEMENTATION

29 SIMPLE MODULE
- Attacker
- CommandAndControl
- Zombie1-10
- VictimHospital
- Operatingroom1-3

30 ATTACK STEPS
- Step 1: Build botnet
- Step 2: Make command
- Step 3: Start SYN flood attack
- Step 4: Crash the hospital server
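Added example (not from the presentation or its OMNeT++ model): a defender-side view of Step 3, tracking half-open TCP handshakes at the hospital server and raising an alert before the backlog fills. Host names follow the simple modules on slide 29; the packet trace, ports, timings, timeout and threshold are constructed assumptions.

```python
from collections import Counter

def build_trace(with_attack=True):
    """Constructed packet trace: (time_s, src, sport, dst, tcp_flag)."""
    trace = []
    # Operating rooms complete every handshake: SYN, then the final ACK.
    for i in range(1, 4):
        for k in range(5):
            t = k * 1.0 + i * 0.13
            trace.append((t, f"operatingroom{i}", 40000 + k, "VictimHospital", "SYN"))
            trace.append((t + 0.05, f"operatingroom{i}", 40000 + k, "VictimHospital", "ACK"))
    if with_attack:
        # Zombies send SYNs from t=2.0 and never complete the handshake.
        for i in range(1, 11):
            for k in range(30):
                trace.append((2.0 + k * 0.05, f"zombie{i}", 1024 + k, "VictimHospital", "SYN"))
    return sorted(trace)

def detect_syn_flood(trace, timeout=1.0, max_half_open=50):
    """Return (alert_time, Counter of half-open handshakes per source) or None."""
    pending = {}  # (src, sport, dst) -> time the SYN was seen
    for t, src, sport, dst, flag in trace:
        # Drop handshakes older than the timeout, as a server backlog would.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            del pending[key]
        if flag == "SYN":
            pending[(src, sport, dst)] = t
        elif flag == "ACK":
            pending.pop((src, sport, dst), None)  # handshake completed
        if len(pending) >= max_half_open:
            return t, Counter(s for s, _, _ in pending)
    return None

if __name__ == "__main__":
    print(detect_syn_flood(build_trace()))                   # alert with per-zombie counts
    print(detect_syn_flood(build_trace(with_attack=False)))  # None: normal traffic only
```

The per-source counts in the alert are what a responder would use to separate the flooding hosts from operating-room clients whose handshakes complete normally.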

31 FUTURE GOAL

32

