Presentation is loading. Please wait.

Presentation is loading. Please wait.

Speaker: Hom-Jay Hom Date:2009/11/17 Botnet, and the CyberCriminal Underground IEEE 2008 Hsin chun Chen Clinton J. Mielke II.

Published byLewis Glenn Modified over 9 years ago

Similar presentations

Presentation on theme: "Speaker: Hom-Jay Hom Date:2009/11/17 Botnet, and the CyberCriminal Underground IEEE 2008 Hsin chun Chen Clinton J. Mielke II."— Presentation transcript:

1 Speaker: Hom-Jay Hom Date:2009/11/17 Botnet, and the CyberCriminal Underground IEEE 2008 Hsin chun Chen Clinton J. Mielke II

2 Outline Botnats SHADOW SERVER Investigating The Botnat World Further Work Conclusion 2015/11/10 2

3 Botnats (1/3) The earliest malware damaging system printing taunting messages Traditional computer viruses Self-copy themselves. Trojan horses. Worms Scanning and infecting. 2015/11/10 3

4 Infection DDoS attacks Spamming Espionage Proxies Clickthrough Fraud Botnats (2/3)

5 Botnats (3/3) The Underground Economy Hidden social network of cybercriminals. sell their services Spammers Bot-herders Malware authors Criminals gather Many botnets are actually rented to other criminal organizations phish attacks stock market pump-and-dump 2015/11/10 5

6 SHADOW SERVER (1/2) ShadowServer Nonprofit group. Honeypots Passively collect malware. Malware Analysis Passive:  AntiVirus engines. Active:  Sandbox.  Execute untrustworthy malicious code 2015/11/10 6

7 SHADOW SERVER (2/2) Snooping Newlydiscovered IRC networks Records all IRC traffic. The IRC logs are analyzed  Pattern-matching signature system, 2015/11/10 7

8 Investigating The Botnat World (1/9) Dataset Processing 2015/11/10 8 ID: C&C ID nickmane:IP:

9 Investigating The Botnat World (2/9) Classify known command strings DDoS command. Infection event. Password-theft event. Signature system Analyzed and classified Produced a compendium of what events 2015/11/10 9

10 Investigating The Botnat World (3/9) 1. Nickname Enumeration: Random numeric ID Dictionary Signature system Bot command strings Produced a sanitized list 2015/11/10 10

11 Investigating The Botnat World (4/9) 2. Drone Counting A simple approach state tracked in a lookup table A population counter A more refined approach IRC event Snoops channel. 2015/11/10 11

12 Investigating The Botnat World (5/9) 2015/11/10 12 600 400 200 白天 晚上 Bot, population Time

13 Investigating The Botnat World (6/9) Key Players The botnet herders by counting their controlled C&C Detect other’s botnet C&C channels Subvert their security mechanisms. 2015/11/10 13

14 Investigating The Botnat World (7/9) Criminal Social Network Analysis community structure All pre-filtered ”human” nicknames C&C channel. Any two nodes found collaborating Weights were assigned to the edges Jaccard metric measuring 2015/11/10 14

15 Investigating The Botnat World (8/9) Hierarchical agglomerative clustering algorithm minimum similarity of 50%. 957 nicknames. 104 clusters 2015/11/10 15

16 Investigating The Botnat World (9/9) Of the 104 clusters C : C&C D : DDoS B : Bot P : Victim passwords 2015/11/10 16 clusters

17 Further Work Many herders will use close variations of a similar nicknames. Profile behavioral characteristics of herders. hierarchical clustering Biclustering or hyperGraph  nicknames and channels. To better profile the DDoS attack motivations DDoS targets must be individually scrutinized.  IP addresses could be correlated with latitude and longitude 2015/11/10 17

18 Conclusion Recent years to encompass world-influencing crimes Tracking these miscreants and their botnets will become more and more challenging. individuals to secure themselves ShadowServer hopes to assist in whatever way we can to make the internet a safer place. 2015/11/10 18

19 END 2015/11/10 19

Download ppt "Speaker: Hom-Jay Hom Date:2009/11/17 Botnet, and the CyberCriminal Underground IEEE 2008 Hsin chun Chen Clinton J. Mielke II."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.

The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.
1 Understanding Botnet Phenomenon MITP 458 - Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
Borrowed from Brent ByungHoon Kang, GMU. A Network of Compromised Computers on the Internet IP locations of the Waledac botnet. Borrowed from Brent ByungHoon.

Borrowed from Brent ByungHoon Kang, GMU. A Network of Compromised Computers on the Internet IP locations of the Waledac botnet. Borrowed from Brent ByungHoon.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.
1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.
China Science & Technology Network Computer Emergency Response Team Botnet Detection and Network Security Alert Tao JING CSTCERT,CNIC.

China Science & Technology Network Computer Emergency Response Team Botnet Detection and Network Security Alert Tao JING CSTCERT,CNIC.
Sravanthi Vattikuti Sri Harsha Devabhaktuni

Sravanthi Vattikuti Sri Harsha Devabhaktuni
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Botnets An Introduction Into the World of Botnets Tyler Hudak

Botnets An Introduction Into the World of Botnets Tyler Hudak

Similar presentations

Ads by Google