Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Published byHubert Perkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department."— Presentation transcript:

1 Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department of Computing, Macquarie University, Australia Reporter: 游明軒

2 Outline  Introduction  API Verifier  Security analysis  Conclusion & discussion

3 Introduction  Web 2.0  Blog, RSS, Social networking sites, etc.  Web based bots  Use web 2.0 service as a C&C channel  Instead of traditional bots sitting on IRC channel, the connections between web based bots are not permanent  The authors implement a tool, API Verifier, to detect web based bots

4 Web based botnet

5 Botnet detection methods  Analysis of network traffic flows  Network traceback  Honeypots  These techniques do not cover web based botnet because the bot activities are indistinguishable and legitimate users and websites

6 API Verifier  Motivation  Because a web based bot must use Web 2.0 service APIs, API Verifier is implemented to verify whether a user is a person or a bot  Approach  Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)  MAC address as identifier

7 API Verifier - architecture  Components  API Verifier Client  API Verifier Server

8 API Verifier - functionality  Authentication  User profile  Session key  Encrypt MAC address  Be generated independently each time when an API call is made  Permanent MAC address  CAPTCHA verification

9 API Verifier – work flow

10 Security analysis  Spoofing MAC address  API Verifier Client fraud  DDoS attack  By-passing CAPTCHA verification

11 Spoofing MAC address  Change MAC address (1a)  Hijacking OS kernel and modifying the OS communication with NIC is expensive  Cause the high risk of being detection  Change the encrypted MAC address (1b)  session key is generated each API call and is a combination of the secret key and a time token

12 API Verifier Client fraud  It is hard to recover the secret key of the API Verifier Client  AES 128-bit  it is hard to disassemble the API Verifier Client  Obfuscation technique

13 DDoS attack  Set limit on the number of verification attempts  Finite times to solve CAPTCHA  A time interval for next MAC address verification

14 By-passing CAPTCHA verification  Analyze the picture and extract characters on the image  send the image to attacker to solve it

15 System short coming  API Verifier cannot get permanent MAC address on virtual machine

16 Conclusion & discussion  Propose a novel approach against web based botnet. The main concept is to identify whether a user is a person or a bot  Implement a system, API Verifier, to detect the bots before they access to web service API  For security, the authors consider all possible attacks and defend  DDoS attack issue still exists  Lack for a convincing proof of statistics in real world

17 Thanks

Download ppt "Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.

1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Detecting Fraudulent Clicks From BotNets 2.0 Adam Barth Joint work with Dan Boneh, Andrew Bortz, Collin Jackson, John Mitchell, Weidong Shao, and Elizabeth.

Detecting Fraudulent Clicks From BotNets 2.0 Adam Barth Joint work with Dan Boneh, Andrew Bortz, Collin Jackson, John Mitchell, Weidong Shao, and Elizabeth.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology

Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology

Similar presentations

Ads by Google