Upload File

introduction to botnet

19
PRESENTATION ON BOTNET

Upload: yogendra-singh

Post on 22-Nov-2014

233 views

Category:

Engineering


0 download

Report

DESCRIPTION

a brief description about bot nets and working of Bots

TRANSCRIPT

Page 1: introduction to Botnet

PRESENTATIONON

BOTNET

Page 2: introduction to Botnet

OUTLINE

Introduction to Botnet Botnet Life-cycle Botnet in Network Security Botnet Uses Botnet Detection Preventing Botnet Infection Botnet Research Conclusion

Page 3: introduction to Botnet

INTRODUCTION

A Botnet is a network of compromised computers under the control of a remote attacker

controller of a botnet is able to direct the activities of these compromised computers

Botnet Terminology Bot Herder (Bot Master) Bot Bot Client IRC Server Command and Control Channel (C&C)

Page 4: introduction to Botnet

INTRODUCTION TO BOTNET(TERMINOLOGY)

IRC ChannelIRC Server

Code Server

IRC ChannelC&C Traffic

Updates

Victim

Attack

Bot Master

Page 5: introduction to Botnet

BOTNET LIFE-CYCLE

Page 6: introduction to Botnet

BOTNET LIFE-CYCLE

Page 7: introduction to Botnet

BOTNET LIFE-CYCLE

Page 8: introduction to Botnet

BOTNET LIFE-CYCLE

Page 9: introduction to Botnet

BOTNET IN NETWORK SECURITY

Internet users are getting infected by bots Many times corporate and end users are

trapped in botnet attacks Today 16-25% of the computers connected to

the internet are members of a botnet In this network bots are located in various

locations It will become difficult to track illegal

activities This behavior makes botnet an attractive

tool for intruders and increase threat against network security

Page 10: introduction to Botnet

BOTNET IS USED FOR-

Bot MasterMoney

Page 11: introduction to Botnet

HOW BOTNET IS USED??

Distributed Denial of Service (DDoS) attacks

Sending Spams Phishing Addware Spyware Click Fraud

Page 12: introduction to Botnet

BOTNET DETECTION

Two approaches for botnet detection based on

Setting up honeynets Passive traffic monitoring

Signature based Anomaly based DNS based

Page 13: introduction to Botnet

BOTNET DETECTION:SETTING UP HONEYNETS

Windows Honey pot

Honeywall Responsibilities:

DNS/IP-address of IRC server and port number(optional) password to connect to IRC-serverNickname of botChannel to join and (optional) channel-password

Page 14: introduction to Botnet

BOTNET DETECTION:SETTING UP HONEYNETSBot

1. Malicious Traffic

Sensor

3. Authorize2. Inform bot’s IP

Bot Master

Page 15: introduction to Botnet

BOTNET DETECTION:TRAFFIC MONITORING

Signature based: Detection of known botnets

Anomaly based: Detect botnet using following anomalies

High network latency High volume of traffic Traffic on unusual port Unusual system behaviour

DNS based: Analysis of DNS traffic generated by botnets

Page 16: introduction to Botnet

BOTNET DETECTION

Determining the source of a botnet-based attack is challenging:

Traditional approach:Every zombie host is an attackerBotnets can exist in a benign

state for an arbitrary amount of time before they are used for a specific attack

New trend: P2P networks

Page 17: introduction to Botnet

PREVENTING BOTNET INFECTIONS

Use a Firewall

Use Antivirus (AV) software

Deploy an Intrusion Prevention System (IPS)

Define a Security Policy and

Share Policies with your users systematically

Page 18: introduction to Botnet

CONCLUSION

Botnets pose a significant and growing threat against cyber security

It provides key platform for many cyber crimes (DDOS)

As network security has become integral part of our life and botnets have become the most serious threat to it

It is very important to detect botnet attack and find the solution for it

Page 19: introduction to Botnet

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)

A new way to prevent Botnet Attack

Botnet Infiltration

Resilient Botnet Command and Control with Tor - Dennis Brown - Botnet...Overview Focus on botnet command and control Case studies using Zeus and IRC bots Techniques to use Tor to anonymize

Towards Incentivizing ISPs To Mitigate Botnets · Towards Incentivizing ISPs To Mitigate Botnets ... Moura Towards Incentivizing ISPs To Mitigate Botnets. ... botnet is my botnet:

Botnet hálózatok jellemzői, a Zeus botnet valós képességei, lehetőségei

Botnet Classification

Botnet Architecture

Roadrunners Botnet

Botnet detection using correlated anomalies · deals with machine learning techniques and algorithms used for training botnet ... Botnet detection faces a number of ... Botnet detection

Abuse Situation Awareness (Introduction)...botnet inspired AbuseHelper is an XMPP-driven technology, a benign botnet to fight malicious botnets. streaming architecture Data is collected

רשתות BOTNET

Your Botnet is My Botnet: Analysis of a Botnet Takeover · vice (DNS), as bots typically resolve domain names to connect to their command and control infrastructure. Therefore, by

ML Approaches to P2P Botnet Detection

How to confuse a port scanner - icecube.wisc.edumnewcomb/cs838-zmap.pdf · Your botnet is my botnet: analysis of a botnet takeover CCS '09 Proceedings of the 16th ACM conference on

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09_botnet.pdf · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett ... (such as bank account

Your Botnet is My Botnet : Analysis of a Botnet Takeover

Botnet ppt

Botnet Dection system. Introduction Botnet problem Challenges for botnet detection

Mariposa Botnet

Your Botnet is My Botnet: Analysis of a Botnet Takeover · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09... · 2020-06-06 · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco

Your Botnet is My Botnet: Analysis of a Botnet Takeover · our results to IP-based techniques that are commonly used to esti-mate botnet populations. Second, Torpig is a data harvesting

Big Data Analytics framework for Peer-to-Peer Botnet ... · Big Data Analytics framework for Peer-to-Peer Botnet detection using Random Forests ... Botnet detection Machine learning

Botnet detection using correlated anomalies · botnet detection we need to get a clear understanding of the behavior of botnet malware on an infected host. Several techniques exists,

About Botnet, and the influence that Botnet gives to broadband ISParchive.apnic.net/meetings/22/docs/apops-pres-akai... · Japanese carriers fight against Botnet • A company’s

Botnet Tutorial - · PDF fileBotnet Tutorial Warning: This guide will show you how to create your own botnet. Maintaining a botnet and getting caught can lead to jail time

Network Based Peer-To-Peer Botnet Detection - irjet.net · Key Words: Botnet, Netflow, Nfdump, Nfsen, P2P Botnet, Zbot 1. INTRODUCTION We live in a world where computer technology

BotNet Detection: Enhancing Analysis by Using Data …cdn.intechopen.com/...Botnet_detection_enhancing_analysis_by_using... · According to the US FBI and public ... BotNet Detection:

Botnet slide

Tracing Botnet in Taiwan - FIRST Botnet Analysis Module (BAM) – C&C Tracer – Botnet Tracer The Botnet in Taiwan – Case Study Ⅰ IRC Botnet ... Tracing Botnet in Taiwan Author:

Botnet Tutorial

Spamhaus Botnet Threat Report 2019 - Amazon Web Services...Malware associated with botnet C&Cs in 2018 5 ... SPAMHAUS BOTNET THREAT REPORT 2019. Welcome to the Spamhaus Botnet Threat

Conficker Botnet

Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"