Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modeling Botnet Propagation Using Time Zones

Published byRosamund Hodges Modified over 6 years ago

Similar presentations

Presentation on theme: "Modeling Botnet Propagation Using Time Zones"— Presentation transcript:

1 Modeling Botnet Propagation Using Time Zones
Published by: Cliff Zou, David Dagon, Wenke Lee Presentation by: Corey Kuwanoe

2 Outline Background Data Collection Model Experiments Practical Usage
Time Zone Diurnal Experiments Practical Usage

3 Background Botnets

4 Background (cont.) Heterogeneous Victims obtained through Viruses
Worms Trojans

5 Data Collection Command and Control Servers Honeypots DNS manipulation

6 Time Zone Modeling Diurnal Shaping Function (t)
Fraction of vulnerable computers online at time t Periodical function 24 hr period

7 Diurnal Model for Single Time Zone
I(t) Number of infected hosts S(t) Number of vulnerable hosts N(t) Number of hosts that were originally vulnerable

8 Diurnal Model for Single Time Zone (cont.)
I’(t) (t)I(t) # of online infected hosts S’(t) (t)S(t) # of online vulnerable hosts N’(t) (t)N(t) # of online hosts from N(t)

9 Diurnal Model for Single Time Zone (cont.)
Worm propagation dynamics Worm propagation diurnal model  = proportion of scan rate / ip space  = removal parameter

10 Diurnal Model for Single Time Zone (cont.)

11 Diurnal Model for Multiple Time Zones
Groups 24 groups for 24 hours

12 Experiments Botnet Grouping 350k members Random scanning Single Domain
North America Asia Europe

13 Experiments (cont.)

14 Experiments (cont.)

15 Experiments (cont.)

16 Experiments (cont.) Automatically derive (t)
Break down botnet traffic by region Process regional data Split dataset into segments Normalize data in segments Average data in segments Remove monitor noise Normalize result Place (t) in database

17 Experiments (cont.)

18 Practical Uses Time for releasing a worm Predict future propagation

19 Practical Uses (cont.)

20 Practical Uses (cont.)

21 Practical Uses (cont.)

22 Practical Uses (cont.) Successfully predicts dynamics of botnets
Not infected populations

23 Contributions Simple and intuitive model
Accurate predictions of future propagation

24 Weaknesses Only accurate for scanning worms
worms/viruses pose a problem to model Predictions are only good for a limited amount of time Does not address multiple infection vectors

Download ppt "Modeling Botnet Propagation Using Time Zones"

Similar presentations

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
 Well-publicized worms  Worm propagation curve  Scanning strategies (uniform, permutation, hitlist, subnet) 1.

 Well-publicized worms  Worm propagation curve  Scanning strategies (uniform, permutation, hitlist, subnet) 1.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
Modeling the spread of active worms Zesheng Chen, Lixin Gao, and Kevin Kwiat bearhsu - INFOCOM 2003.

Modeling the spread of active worms Zesheng Chen, Lixin Gao, and Kevin Kwiat bearhsu - INFOCOM 2003.
Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.
On the Feasibility of Large-Scale Infections of iOS Devices

On the Feasibility of Large-Scale Infections of iOS Devices
Modeling/Detecting the Spread of Active Worms Lixin Gao Dept. Of Electrical & Computer Engineering Univ. of Massachusetts

Modeling/Detecting the Spread of Active Worms Lixin Gao Dept. Of Electrical & Computer Engineering Univ. of Massachusetts
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.
Introduction to Honeypot, Botnet, and Security Measurement

Introduction to Honeypot, Botnet, and Security Measurement
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel 434920317 1.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.

Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
1 Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Speaker: Jun-Yi Zheng 2010/03/29.

1 Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Speaker: Jun-Yi Zheng 2010/03/29.
Detecting Botnets 1 Detecting Botnets With Anomalous DNS Traffic Wenke Lee and David Dagon Georgia Institute of Technology College of Computing {wenke,

Detecting Botnets 1 Detecting Botnets With Anomalous DNS Traffic Wenke Lee and David Dagon Georgia Institute of Technology College of Computing {wenke,
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.

Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.

Similar presentations

Ads by Google