Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu,

Published byAsher O’Neal’ Modified over 9 years ago

Similar presentations

Presentation on theme: "A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu,"— Presentation transcript:

1 A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu, Peng Liao, Chaoge Liu, Xiang Cui - Computer Science and Automation Engineering (CSAE), 2011 IEEE International Conference Speaker : Yi-Ting Tsai Date : 102.11.7

2 Outline  Centralized Botnet  P2P Botnet  Hyprid P2P Botnet  Hierechical hybrid Botnet  Robustness Simulation  Defense against the proposed Botnet  Conclusion

3 Botnet Botmaster C&C Server Bot 1/14

4 Centralized Botnet x Characteristics: relay on C&C Servers x Weakness: single-failure x Example: AgoBot, SDBot, SpyBot 2/14

5 P2P Botnet x Kademlia-based protocol x random probing protocol x Bootstrap failure x Extensive abnormal traffic 3/14 x Example : Slapper botnets x Example : Sinit botnets -- x Sybil attack

6 -- Hyprid P2P Botnet x servent bots : static global IP x slave bots : dynamic private IP Servent bots IP Peer list --------- Slave bots (client) Servent bots (server+client) -- -- -- -- -- -- x Weakness: x Sybil attack x communication between clients 4/14

7 Hierechical hybrid Botnet 1. Resolve -- x Sybil attack x communication between clients 2. Difficult to be shut down 3. Keep botnet under control 5/14 Slave bots (client) Servent bots (server+client)

8 No Sybil attack Advanced bootstrap process No detect No hijacking 0 failure Poll succeed 1 failure Poll fail Poll succeed 2 failure Poll fail Poll succeed N-1 failure N failure Delet e Poll fail 0 failure 1 failure 2 failure N-1 failure N failure 6/14 0 failure

9 Peer list 0 failure 1 failure N failure.. 7/14 No Sybil attack Advanced bootstrap process No detect No hijacking

10 Peer list 0 failure 1 failure N failure.. Random service port || Perfect ! + Data encryption 8/14 No Sybil attack Advanced bootstrap process No detect No hijacking

11 x Communication Encryption x Command Authentication x One-time padding x Private key signature Public key 9/14 Private key No Sybil attack Advanced bootstrap process No detect No hijacking

12 Robustness Simulation Definition : the probability that a botnet remains connected together after a fraction of bots are removed. 10/14 G = ( V, E ) V : bots

13 Simulation settings  igraph library  Network Workbench Tool 11/14

14 Peer list size and Robustness Servent bots : 25% Maximum size of botnets : 10000 Bots to removed ( P ) = 95% 12/14

15 Defense against the proposed Botnet A.Host-based Detection Signature-based malware detection Behavior-based detection 13/14 B.Honeypot-based Monitoring

16 Conclusion x Hierarchical hybrid p2p botnet x an advanced peer list x It can defend against Sybil attacks x Weakness : x very high complexity x very high latency 14/14

Download ppt "A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu,"

Similar presentations

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
Networking, Sensing and Control (ICNSC), 2013 10th IEEE International Conference on 102064535 黃川洁 1/25.

Networking, Sensing and Control (ICNSC), th IEEE International Conference on 黃川洁 1/25.
SOCELLBOT: A New Botnet Design to Infect Smartphones via Online Social Networking 2012 25 th IEEE Canadian Conference on Electrical and Computer Engineering(CCECE)

SOCELLBOT: A New Botnet Design to Infect Smartphones via Online Social Networking th IEEE Canadian Conference on Electrical and Computer Engineering(CCECE)
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.

Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.

Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
Threat infrastructure: proxies, botnets, fast-flux

Threat infrastructure: proxies, botnets, fast-flux
SMS Mobile Botnet Detection Using A Multi-Agent System Abdullah Alzahrani, Natalia Stakhanova, and Ali A. Ghorbani Faculty of Computer Science, University.

SMS Mobile Botnet Detection Using A Multi-Agent System Abdullah Alzahrani, Natalia Stakhanova, and Ali A. Ghorbani Faculty of Computer Science, University.
2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.

2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
11 Active Botnet Probing to Identify Obscure Command and Control Channels G Gu, V Yegneswaran, P Porras, J Stoll, and W Lee - on Annual Computer Security.

11 Active Botnet Probing to Identify Obscure Command and Control Channels G Gu, V Yegneswaran, P Porras, J Stoll, and W Lee - on Annual Computer Security.

Similar presentations

Ads by Google