Botnet
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Botnet

on

  • 984 views

 

Statistics

Views

Total Views
984
Views on SlideShare
984
Embed Views
0

Actions

Likes
1
Downloads
73
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Botnet Presentation Transcript

  • 1. PRESENTATION ON BOTNETPriyanka Harjai
  • 2. OUTLINEIntroduction to Botnet Botnet Life-cycle Botnet in Network Security Botnet Uses Botnet Detection Preventing Botnet Infection Botnet Research Conclusion
  • 3. INTRODUCTION A Botnet is a network of compromised computers under the control of a remote attacker controller of a botnet is able to direct the activities of these compromised computers Botnet Terminology  Bot Herder (Bot Master)  Bot  Bot Client  IRC Server  Command and Control Channel (C&C)
  • 4. INTRODUCTION TO BOTNET(TERMINOLOGY) IRC Server IRC Channel Code Server Bot Master IRC Channel C&C Traffic Updates Attack Victim
  • 5. BOTNET LIFE-CYCLE
  • 6. BOTNET LIFE-CYCLE
  • 7. BOTNET LIFE-CYCLE
  • 8. BOTNET LIFE-CYCLE
  • 9. BOTNET IN NETWORK SECURITY Internet users are getting infected by bots Many times corporate and end users are trapped in botnet attacks Today 16-25% of the computers connected to the internet are members of a botnet In this network bots are located in various locations It will become difficult to track illegal activities This behavior makes botnet an attractive tool for intruders and increase threat against network security
  • 10. BOTNET IS USED FOR- Money Bot Master
  • 11. HOW BOTNET IS USED??Distributed Denial of Service (DDoS) attacks Sending Spams Phishing Addware Spyware Click Fraud
  • 12. BOTNET DETECTIONTwo approaches for botnet detection based on Setting up honeynets Passive traffic monitoring  Signature based  Anomaly based  DNS based
  • 13. BOTNET DETECTION:SETTING UP HONEYNETS Windows Honey pot  Honeywall Responsibilities: DNS/IP-address of IRC server and port number (optional) password to connect to IRC-server Nickname of bot Channel to join and (optional) channel-password
  • 14. BOTNET DETECTION:SETTING UP HONEYNETS Bot Sensor 1. Malicious Traffic 2. Inform bot’s IP 3. Authorize Bot Master
  • 15. BOTNET DETECTION:TRAFFIC MONITORING Signature based: Detection of known botnets Anomaly based: Detect botnet using following anomalies  High network latency  High volume of traffic  Traffic on unusual port  Unusual system behaviour DNS based: Analysis of DNS traffic generated by botnets
  • 16. BOTNET DETECTION Determining the source of a botnet-based attack is challenging: Traditional approach: Every zombie host is an attacker Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack New trend: P2P networks
  • 17. PREVENTING BOTNET INFECTIONSUse a Firewall Use Antivirus (AV) software Deploy an Intrusion Prevention System (IPS) Define a Security Policy and Share Policies with your users systematically
  • 18. CONCLUSION  Botnets pose a significant and growing threat against cyber security  It provides key platform for many cyber crimes (DDOS)  As network security has become integral part of our life and botnets have become the most serious threat to it  It is very important to detect botnet attack and find the solution for it