Botnet Detection Techniques
Published in: Education, Technology
  • Transcript

    • 1. BotNet Detection Techniques
      By Team Firefly (Technical Support For System Errors And Security Issues), Cyber Security Awareness Program, Friday, October 18, 2013
    • 2. Outline
      • Introduction to Botnet
      • Botnet Life-cycle
      • Botnet in Network Security
      • Botnet Uses
      • Botnet Detection
      • Preventing Botnet Infection
      • Botnet Research
      • Conclusion
      • References
    • 3. Introduction to Botnet
      A Botnet is a network of compromised computers under the control of a remote attacker.
      Botnet terminology:
      • Bot Herder (Bot Master)
      • Bot
      • Bot Client
      • IRC Server
      • Command and Control Channel (C&C)
    • 4. Introduction to Botnet (Terminology)
      Diagram: Bot Master, IRC Server with IRC Channel, Code Server, Bots and Victim; arrows labelled C&C Traffic, Updates and Attack.
    • 5. Botnet Life-cycle (diagram only; slides 5 to 8 carry no text)
    • 9. Botnet In Network Security
      • Internet users are getting infected by bots
      • Corporate and end users are often trapped in botnet attacks
      • Today 16-25% of the computers connected to the internet are members of a botnet
      • The bots of one network are located in various places, which makes illegal activities difficult to track
      • This behaviour makes the botnet an attractive tool for intruders and increases the threat to network security
    • 10. Botnet is Used For
      Diagram centred on the Bot Master.
    • 11. How Botnet is Used?
      • Distributed Denial of Service (DDoS) attacks
      • Sending spam
      • Phishing (fake websites)
      • Adware (Trojan horse)
      • Spyware (keylogging, information harvesting)
      • Click fraud
      So it is really important to detect this attack.
    • 12. Botnet Detection
      Two approaches for botnet detection:
      • Setting up honeynets
      • Passive traffic monitoring, which may be:
        • Signature based
        • Anomaly based
        • DNS based
        • Mining based
    • 13. Botnet Detection: Setting up Honeynets
      Components: Windows honeypot, Honeywall.
      Honeywall responsibilities: DNS name/IP address of the IRC server and its port number, the (optional) password needed to connect to the IRC server, the nickname of the bot, the channel to join and the (optional) channel password.
    • 14. Botnet Detection: Setting up Honeynets
      Diagram with Bot, Sensor and Bot Master; steps: 1. Malicious traffic, 2. Inform bot's IP, 3. Authorize.
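As an added example (not code from the slides), this is the kind of extraction a honeywall performs on a captured bot session: it pulls the IRC server, port, connection password, bot nickname, channel and channel key out of a constructed honeypot capture written in a hypothetical "src -> dst:port | payload" log format.

```python
import re

# Constructed honeypot capture (not from the slides): each line is
# "src -> dst:port | payload" (hypothetical log format) for one IRC session
# opened by the infected honeypot (10.0.0.5) to the herder's IRC server.
CAPTURE = """\
10.0.0.5 -> 203.0.113.9:6667 | PASS s3cret
10.0.0.5 -> 203.0.113.9:6667 | NICK [DEU|XP]-48213
10.0.0.5 -> 203.0.113.9:6667 | USER xp 0 * :xp
10.0.0.5 -> 203.0.113.9:6667 | JOIN #upd4te ch4nkey
203.0.113.9:6667 -> 10.0.0.5 | :[DEU|XP]-48213!xp@10.0.0.5 JOIN :#upd4te
203.0.113.9:6667 -> 10.0.0.5 | :herder!h@203.0.113.9 TOPIC #upd4te :idle
"""

LINE_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>\S+) \| (?P<payload>.*)$")

def extract_irc_cnc(capture, honeypot_ip):
    """Recover the honeywall's C&C parameters (server, port, password, bot
    nickname, channel and channel key) from the bot's outbound IRC lines.
    Only messages sent by the honeypot itself are used: the server's replies
    echo the nick and channel but do not carry the PASS or the JOIN key."""
    info = {}
    for raw in capture.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group("src") != honeypot_ip:
            continue
        host, _, port = m.group("dst").rpartition(":")
        info.setdefault("server", host)
        info.setdefault("port", int(port))
        parts = m.group("payload").split()
        if not parts:
            continue
        cmd, args = parts[0].upper(), parts[1:]
        if cmd == "PASS" and args:
            info["password"] = args[0]
        elif cmd == "NICK" and args:
            info["nick"] = args[0]
        elif cmd == "JOIN" and args:
            info["channel"] = args[0]
            if len(args) > 1:           # RFC 1459 JOIN <channel> [<key>]
                info["channel_key"] = args[1]
    return info

if __name__ == "__main__":
    print(extract_irc_cnc(CAPTURE, "10.0.0.5"))
```

The returned server/port pair is exactly what the next slides' signature-based monitoring needs as a known C&C endpoint.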
    • 15. Botnet Detection: Traffic Monitoring
      • Signature based: detection of known botnets
      • Anomaly based: detects botnets using the following anomalies:
        • High network latency
        • High volume of traffic
        • Traffic on unusual ports
        • Unusual system behaviour
      • DNS based: analysis of the DNS traffic generated by botnets
    • 16. Botnet Detection: Traffic Monitoring
      • Mining based:
        • Botnet C&C traffic is difficult to detect
        • Anomaly based techniques are not useful
        • Data mining techniques: classification, clustering
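Added example for slides 15 and 16 (not from the deck): the signature, anomaly and mining based checks run over a constructed set of flow records. The baseline port set, the volume limit and the known C&C endpoint are assumptions for a hypothetical network; the clustering step groups internal hosts that converge on the same off-baseline endpoint, which is how several low-volume bots become visible together.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port, bytes); not from the slides.
# 10.0.0.11-13 all talk to the same off-baseline port, 10.0.0.30 moves a large
# volume, 10.0.0.40 contacts an endpoint already known from a honeynet.
FLOWS = [
    ("10.0.0.11", "198.51.100.7", 6667, 300), ("10.0.0.12", "198.51.100.7", 6667, 280),
    ("10.0.0.13", "198.51.100.7", 6667, 310), ("10.0.0.11", "198.51.100.7", 6667, 290),
    ("10.0.0.20", "192.0.2.10", 443, 5_000), ("10.0.0.20", "192.0.2.10", 80, 1_200),
    ("10.0.0.30", "192.0.2.50", 80, 60_000_000), ("10.0.0.13", "192.0.2.50", 80, 900),
    ("10.0.0.40", "203.0.113.9", 6667, 200),
]
ALLOWED_PORTS = {53, 80, 443}              # baseline for this (hypothetical) network
KNOWN_CNC = {("203.0.113.9", 6667)}        # signature: C&C endpoint seen in a honeynet
VOLUME_LIMIT = 50_000_000                  # bytes per source per window (assumed)

def signature_hits(flows, known=KNOWN_CNC):
    """Signature based: any source that reaches a known C&C endpoint."""
    return sorted({src for src, dst, port, _ in flows if (dst, port) in known})

def unusual_port_hosts(flows, allowed=ALLOWED_PORTS):
    """Anomaly based: sources with traffic on a port outside the baseline."""
    return sorted({src for src, _, port, _ in flows if port not in allowed})

def high_volume_hosts(flows, limit=VOLUME_LIMIT):
    """Anomaly based: sources whose total bytes in the window exceed the limit."""
    srcs = {f[0] for f in flows}
    return sorted(s for s in srcs if sum(f[3] for f in flows if f[0] == s) > limit)

def synchronized_clusters(flows, min_hosts=3, allowed=ALLOWED_PORTS):
    """Mining based: cluster sources by the off-baseline endpoint they share;
    several hosts converging on one unusual (dst, port) is C&C-like behaviour."""
    members = defaultdict(set)
    for src, dst, port, _ in flows:
        if port not in allowed:
            members[(dst, port)].add(src)
    return {ep: sorted(h) for ep, h in members.items() if len(h) >= min_hosts}

def assess(flows):
    """Merge the detectors into per-host findings for an analyst to triage."""
    findings = defaultdict(list)
    for label, fn in (("known-cnc", signature_hits), ("unusual-port", unusual_port_hosts),
                      ("high-volume", high_volume_hosts)):
        for h in fn(flows):
            findings[h].append(label)
    for (dst, port), hosts in synchronized_clusters(flows).items():
        for h in hosts:
            findings[h].append(f"cluster:{dst}:{port}")
    return dict(findings)
```

Note that 10.0.0.11 to 10.0.0.13 are each far below the volume limit and would pass a per-host anomaly check alone; only the cluster view ties them together.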
    • 17. Botnet Detection
      • Determining the source of a botnet-based attack is challenging:
        • Traditional approach: every zombie host is an attacker
        • Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack
        • New trend: P2P networks
    • 18. Preventing Botnet Infections
      • Use a firewall
      • Patch regularly and promptly
      • Use antivirus (AV) software
      • Deploy an Intrusion Prevention System (IPS)
      • Implement application-level content filtering
      • Define a security policy and share it with your users systematically
    • 19. Botnet Research
      • Logging onto the herder's IRC server to get information
      • Passive monitoring: either listening between the infected machine and the herder, or spoofing the infected PC
      • Active monitoring: poking around in the IRC server
      • Sniffing traffic between the bot and the control channel
    • 20. Botnet Research: Monitoring
      Diagram: Attacker (Herder), Infected machine, IRC server and Researcher; one message is labelled "Hi!".
    • 21. Conclusion
      • Botnets pose a significant and growing threat to cyber security
      • They provide a key platform for many cyber crimes (DDoS)
      • Network security has become an integral part of our lives, and botnets have become the most serious threat to it
      • It is therefore very important to detect botnet attacks and find solutions for them
    • 22. References
      • B. Saha and A. Gairola, "Botnet: An overview," CERT-In White Paper CIWP-2005-05, 2005.
      • M. M. Masud, J. Gao, L. Khan, J. Han and B. Thuraisingham, "Peer to peer botnet detection for cyber-security: a data mining approach," ACM Portal.
      • M. Feily, A. Shahrestani and S. Ramadass, "A survey of botnet and botnet detection," Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE '09), IEEE, 2009, pp. 268-273.
      • Z. Li, A. Goyal and Y. Chen, "Honeynet-based botnet scan traffic analysis," Northwestern University, Evanston, IL 60208.
      • B. AsSadhan, J. M. F. Moura, D. Lapsley, C. Jones and W. T. Strayer, "Detecting botnets using command and control traffic," Eighth IEEE International Symposium on Network Computing and Applications (NCA 2009), 2009, pp. 156-162.
      • Y. Xie and F. Yu, "Spamming botnets: signatures and characteristics."