Study on Botnet Architecture
Upcoming SlideShare
Loading in...5

Like this? Share it with your network

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. A STUDY ON BOTNET ARCHITECTURE Seminar Guide, SHIBU V.S Asst.Professor By, BINI B.S M1,CSE 1
  • 2. Overview Introduction How Botnet Works Botnet Life Cycle Botnet Architecture Centralized Botnet Architecture. Peer to Peer Botnet Architecture (P2P). Hybrid Botnet Architecture. Hyper Text Transfer Protocol with Peer to Peer (HttP2P) Botnet Architecture. Self-healing system Architecture. Conclusion References 2
  • 3. Introduction  BOTNET or Robot Network is the biggest network security threats faced by home users, organizations, and governments.  A “BOTNET” is a network of compromised computers (“bots”) connected to the Internet that is controlled by a remote attacker (“botmaster”).  Created by intelligent and up to date hackers. 3
  • 4. 4
  • 5. Botnet Life Cycle • Once botnet infects a computer, A bot usually steals something such as personal information, Authentication credentials or Credit card data. • The machine then becomes part of the botnet, ready to perform designated malicious tasks. • Common functions in most botnets include DDoS attacks, Click fraud ,spam, phishing etc. 5
  • 6. 6 Botnet Life Cycle
  • 7. Botnet Architecture  Different types of BOTNET architectures: i. ii. iii. iv. Centralized Botnet Architecture. Peer to Peer Botnet Architecture (P2P). Hybrid Botnet Architecture Hyper Text Transfer Protocol with Peer to Peer Botnet Architecture. 7
  • 8. I. Centralized Botnet Architecture • Oldest and easiest architecture to manage and control botnets. • All the zombie computers is being supervised from a center point, which makes them easy to manage. • The disadvantage : Entire botnet can be shutdown if the defender captures the C&C server. • Examples: AgoBot, SDBot, SpyBot, GTBot etc. 8
  • 9. 9
  • 10. II.Peer to Peer Botnet Architecture • Used to remove the drawbacks of centralized architecture. • P2P based n/w is much harder to shutdown. • In this architecture a node can act as a client(soldier bot) as well as a server(supervisor bot) and there is no centralized point as C&C server. • Examples : Phatbot and Peacomm. 10
  • 11. 11
  • 12. III. Hybrid Botnet Architecture • It is harder to be shut down, monitored, and hijacked. • A botmaster could easily monitor the entire botnet by issuing a report command , and make it harder from detecting bots. 12
  • 13. 13
  • 14. IV. Hyper Text Transfer Protocol with Peer to Peer: • The Supervisor-Bot cipher the message. • It continuously search for Soldier-Bot, and when found deliver message to it. • While the Soldier-Bot does not contact dynamically to Supervisor-Bot rather it waits for a call from its supervisor. 14
  • 15. Self healing System Architecture • Concept is inspired by the way organisms adapt to their environment by developing immunity against harmful viruses, bacteria and toxins. • It is based on a study of two HTTP-based botnets, Zeus and Black energy, and two P2P botnets , Waledac and Storm. 15
  • 16. Self healing System Architecture (cont..) • It enables networked systems to look continuously for any alteration of “normal behavior” and apply appropriate corrective actions. • It can recognize when it is not operating correctly and, with little or no human intervention occurs. 16
  • 17. V. Self healing System Architecture (cont..) • It is optimized for a domain controlled network that connects to a large geographic region. • Application is mainly in Defense-in-depth security solution for domain-controlled enterprise networks. 17
  • 18. 18 Self-healing System Architecture
  • 19. Conclusion • Botnets have a direct influence on the number of cybercrimes committed. We have to be well prepared for future botnets. It is an ongoing war between botnet attacks and defenses. 19
  • 20. Reference • [1] Ihsan Ullah, Naveed Khan, Hatim A.Aboalsamh,“ SURVEY ON BOTNET: ITS ARCHITECTURE, DETECTION, PREVENTION AND MITIGATION”, 978-1-4673-5200-0/13/$31.00 ©2013 IEEE. • [2]Bhagath Singh Jayaprakasam,” MODELING BOTNET IN PEER TO PEER SYSTEMSPRESENTED” Apr 28, 2011. • [3] Adeeb Alhomoud and Irfan Awan ,Jules Ferdinand Pagna Disso, Muhammad Younas,“A Next- Generation Approach to Combating Botnets” 0018-9162/13/$31.00 © 2013 IEEE. 20
  • 21. 21