Speaker : YUN–KUAN,CHANG Date : 2009/11/17

1 The Activity Analysis of Malicious HTTP-based Botnets using Degree of Periodic Repeatability

2 Outline
Introduction
Related Work
History of Malicious Bots
Detection Methods Based on DNS Traffic
Detection of Malicious HTTP Botnets
BlackEnergy
Degree of Periodic Repeatability
Future Work
Conclusion

3 Introduction
Malicious botnets, which have been organized and developed quickly, are the most dangerous threat in the Internet environment. Becomes a malicious network with more than 400 thousand bots. Some representative studies on the detection of malicious botnets depend on the analysis of DNS queries. We will make clear how malicious HTTP bots differ from normal users by using the degree of periodic repeatability.

4 Related Work
We explain the history of malicious bots and botnets and study detection methods based on DNS traffic.

5 History of Malicious Bots 1/2
In the beginning, bots and botnets were legitimate tools mainly used for functional purposes. Botnets are the melding of many threats into one. They are becoming a major tool for cybercrime. For this reason they are called the Swiss Army knives of the underground economy.

6 History of Malicious Bots 2/2

7 Detection Methods Based on DNS Traffic
Some existing detection methods are based on the analysis of DNS queries, which bots send to a DNS server whenever they connect to a C&C server and attack a target. Choi [5] proposed botnet detection by monitoring group activities in DNS traffic.

8 Detection of Malicious HTTP Botnets
A typical IRC bot maintains its connection and does not reconnect after first connecting to a C&C server. BlackEnergy, which is analyzed in this study, is similar to that. Bots generated by a botmaster with the BlackEnergy bot builder take two C&C servers.

9 BlackEnergy 1/3
BlackEnergy is an HTTP-based botnet used primarily for DDoS attacks by the Russian hacker underground.

10 BlackEnergy 2/3

11 BlackEnergy 3/3
Like the bots of other malicious HTTP botnets, BlackEnergy bots connect to a C&C server again and again to get new commands from the botmaster.

12 Degree of Periodic Repeatability 1/3
Repeatability is the variation in measurements taken by a single person or instrument on the same item under the same conditions. The repeatability standard deviation represents the degree of periodic repeatability between HTTP clients and HTTP servers.
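
Added example (not from the original slides): one way a defender could measure this per client/server pair from HTTP logs. It assumes the degree of periodic repeatability is the standard deviation of the intervals between a client's successive requests to the same server; the log layout, the host names, MIN_REQUESTS and MAX_REL_STDDEV are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: "epoch_seconds client_ip server_host". Not real traffic.
SAMPLE = """\
1000 10.0.0.5 cc.example.test
1600 10.0.0.5 cc.example.test
2201 10.0.0.5 cc.example.test
2799 10.0.0.5 cc.example.test
3400 10.0.0.5 cc.example.test
1000 10.0.0.9 news.example.test
1012 10.0.0.9 news.example.test
1950 10.0.0.9 news.example.test
2003 10.0.0.9 news.example.test
3390 10.0.0.9 news.example.test
1500 10.0.0.7 mail.example.test
2500 10.0.0.7 mail.example.test
"""

MIN_REQUESTS = 4      # assumed: fewer requests say nothing about periodicity
MAX_REL_STDDEV = 0.1  # assumed threshold: stddev within 10% of the mean interval

def repeatability(log_text):
    """Return {(client, server): (mean_interval, stddev)} for pairs with enough data."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, server = line.split()
        times[(client, server)].append(float(ts))
    result = {}
    for pair, stamps in times.items():
        if len(stamps) < MIN_REQUESTS:
            continue  # edge case: interval statistics are meaningless here
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        result[pair] = (mean(gaps), pstdev(gaps))
    return result

def periodic_pairs(log_text):
    """Pairs whose request intervals barely vary (high periodic repeatability)."""
    return sorted(pair for pair, (avg, sd) in repeatability(log_text).items()
                  if avg > 0 and sd / avg <= MAX_REL_STDDEV)

if __name__ == "__main__":
    for pair, (avg, sd) in repeatability(SAMPLE).items():
        print(pair, f"mean={avg:.1f}s stddev={sd:.2f}s")
    print("periodic:", periodic_pairs(SAMPLE))
```

In the constructed sample both active clients average roughly one request every 600 seconds, so the mean interval alone does not separate them; only the standard deviation does.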

13 Degree of Periodic Repeatability 2/3

14 Degree of Periodic Repeatability 3/3

15 Future Work
We will study other malicious HTTP botnets and other feature vectors (e.g., HTTP request crowd and payload). We will also consider related work on payload-based anomaly detection systems.

16 Conclusion
Many studies have been advanced to detect malicious botnets, which are a menace to the Internet. Methods that analyze DNS queries to detect malicious botnets are not efficient. As a result, we have found a difference in the degree of periodic repeatability between malicious HTTP bots and normal users. This result means that this study is efficient for detecting malicious HTTP botnets.

