By Shreyas Sali
Botnet Terminology
Bot Herder (Bot Master)
Bot
Bot Client
IRC Server
Command and Control Channel (C&C)
Introduction to Botnet (Terminology)
[Diagram: Bot Master, IRC Server, IRC Channel, Code Server, Bots, Victim; labelled flows: C&C Traffic, Updates, Attack]
Botnet Life-cycle
Botnet In Network Security
Botnet is Used For
Windows Honeypot
Honeywall Responsibilities:
DNS/IP-address of IRC server and port number
(optional) password to connect to IRC-server
Nickname of bot
Channel to join and (optional) channel-password
Botnet Detection: Setting up Honeynets
Bot Sensor
1. Malicious Traffic
Mining based:
Botnet C&C traffic is difficult to detect
Anomaly based techniques are not useful
Data Mining techniques: Classification, Clustering
Botnet Detection
Preventing Botnet Infections
Use a Firewall
Botnet Research
Botnet Research: Monitoring Attacker
[Diagram labels: Infected, "Hi!", IRC Herder, Researcher]
Conclusion
Botnets pose a significant and growing threat to cyber security.