Presentation is loading. Please wait.

Presentation is loading. Please wait.

Brett Stone-GrossBrett Stone-Gross, Christopher Kruegel, Kevin AlmerothChristopher KruegelKevin Almeroth University of California, Santa Barbara Andreas.

Published byBritney Pitts Modified over 8 years ago

Similar presentations

Presentation on theme: "Brett Stone-GrossBrett Stone-Gross, Christopher Kruegel, Kevin AlmerothChristopher KruegelKevin Almeroth University of California, Santa Barbara Andreas."— Presentation transcript:

1 Brett Stone-GrossBrett Stone-Gross, Christopher Kruegel, Kevin AlmerothChristopher KruegelKevin Almeroth University of California, Santa Barbara Andreas Moser, Technical University Vienna Engin KirdaEngin Kirda, Institute Eurecom ACSAC Dec 2009 A Presentation at Advanced Defense Lab

2 Outline Introduction Data Collection Data Analysis Evaluation Related Work Conclusions Advanced Defense Lab2 http://maliciousnetworks.org

3 Introduction Bullet-proof hosting (Ex. RBN) Criminals’ fear Usage Mechanism (malscore) Key: longevity Advanced Defense Lab3

4 Data Collection – Botnet C&C Tool [Anubis]Anubis IRC-based botnets HTTP-based botnets Pushdo Cutwail Advanced Defense Lab4

5 Data Collection – Drive-by- Download Hosting Providers Tool [Wepawet]Wepawet Computer Security Company [Spamcop]Spamcop Capture Honey Pot Client (HPC) VMs (Windows XP without updates) Advanced Defense Lab5

6 Data Collection – Phish Hosting Providers Tool [PhishTank]PhishTank Threshold Time – One week Advanced Defense Lab6

7 Data Analysis Time will tell between the rogue and legitimate networks. Advanced Defense Lab7

8 Data Analysis Advanced Defense Lab8

9 Data Analysis Advanced Defense Lab9

10 Data Analysis Advanced Defense Lab10

11 Data Analysis Threshold – δ IPs that are active less than δ are discarded. Apply to Botnet phishing Advanced Defense Lab11

12 Malscore Computation Once per day, FIRE produces 3 lists Li. The issue of “Size” of an AS. Cooperative Association for Internet Data Analysis Advanced Defense Lab12

13 Evaluation - Correctness Advanced Defense Lab13 [ShadowServer Foundation]ShadowServer Foundation [Google’s Safe Browsing]Google’s Safe Browsing [ZeusTracker]ZeusTracker

14 Evaluation - Completeness What we missing ? Advanced Defense Lab14

15 Choosing Fine Threshold Advanced Defense Lab15

16 No Threshold Required Advanced Defense Lab16

17 Choosing Fine Parameter - C Advanced Defense Lab17

18 Related Work The Road of the King Distinguish between compromised and deliberately malicious networks. Identify networks that are operated by criminals. Different filtering techniques Advanced Defense Lab18

19 Conclusions A novel system to automatically identify and expose organizations and ISPs that demonstrate persistent, malicious behavior. Refine the collected data and correlate it to deduce the level of maliciousness for the identified networks. Advanced Defense Lab19

20 Thank You Advanced Defense Lab20

Download ppt "Brett Stone-GrossBrett Stone-Gross, Christopher Kruegel, Kevin AlmerothChristopher KruegelKevin Almeroth University of California, Santa Barbara Andreas."

Similar presentations

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
Sean Ford, Macro Cova, Christopher Kruegel, Giovanni Vigna University of California, Santa Barbara ACSAC 2009.

Sean Ford, Macro Cova, Christopher Kruegel, Giovanni Vigna University of California, Santa Barbara ACSAC 2009.
The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.

The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.
Your Botnet is My Botnet: Analysis of a Botnet Takeover

Your Botnet is My Botnet: Analysis of a Botnet Takeover
Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.

Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Operating Systems Concepts 1/e Ruth Watson Chapter 11 Chapter 11 Network Maintenance Ruth Watson.

Operating Systems Concepts 1/e Ruth Watson Chapter 11 Chapter 11 Network Maintenance Ruth Watson.
S. Stamm, Z. Ramzan, and M. Jakobsson Presented by Anh Le.

S. Stamm, Z. Ramzan, and M. Jakobsson Presented by Anh Le.
How’s My Network (HMN)? A Java approach to Home Network Measurement Alan Ritacco, Craig Wills, and Mark Claypool Computer Science Department Worcester.

How’s My Network (HMN)? A Java approach to Home Network Measurement Alan Ritacco, Craig Wills, and Mark Claypool Computer Science Department Worcester.
Project 4 U-Pick – A Project of Your Own Design Proposal Due: April 14 th (earlier ok) Project Due: April 25 th.

Project 4 U-Pick – A Project of Your Own Design Proposal Due: April 14 th (earlier ok) Project Due: April 25 th.
Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.

Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.

2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Capacity Development Workshop on Public Information Management System and Policy in Korea on cyber attacks 2011.11.28 Jeong Min, Lee KISA.

Capacity Development Workshop on Public Information Management System and Policy in Korea on cyber attacks Jeong Min, Lee KISA.
Automatically Generating Models for Botnet Detection Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda Vienna University.

Automatically Generating Models for Botnet Detection Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda Vienna University.
Towards Network Containment in Malware Analysis Systems Authors: Mariano Graziano, Corrado Leita, Davide Balzarotti Source: Annual Computer Security Applications.

Towards Network Containment in Malware Analysis Systems Authors: Mariano Graziano, Corrado Leita, Davide Balzarotti Source: Annual Computer Security Applications.
Botnets An Introduction Into the World of Botnets Tyler Hudak

Botnets An Introduction Into the World of Botnets Tyler Hudak
Cloud Computing Introduction to China-cloud Project and Related Works in JSI Yi Liu Sino-German Joint Software Institute, Beihang Univ. May 2011.

Cloud Computing Introduction to China-cloud Project and Related Works in JSI Yi Liu Sino-German Joint Software Institute, Beihang Univ. May 2011.

Similar presentations

Ads by Google