OUTLINE
- Introduction to Botnet
- Botnet Life-cycle
- Botnet in Network Security
- Botnet Uses
- Botnet Detection
- Preventing Botnet Infection
- Botnet Research
- Conclusion

INTRODUCTION
- A botnet is a network of compromised computers under the control of a remote attacker
- The controller of a botnet is able to direct the activities of these compromised computers
- Botnet terminology:
  - Bot Herder (Bot Master)
  - Bot
  - Bot Client
  - IRC Server
  - Command and Control Channel (C&C)

INTRODUCTION TO BOTNET (TERMINOLOGY)
[Diagram labels: IRC Server, IRC Channel, Code Server, Bot Master, C&C Traffic, Updates, Attack, Victim]

BOTNET IN NETWORK SECURITY
- Internet users are getting infected by bots
- Many times corporate and end users are trapped in botnet attacks
- Today 16-25% of the computers connected to the internet are members of a botnet
- In this network, bots are located in various locations
- It will become difficult to track illegal activities
- This behavior makes botnets an attractive tool for intruders and increases the threat against network security

HOW BOTNET IS USED?
- Distributed Denial of Service (DDoS) attacks
- Sending spam
- Phishing
- Adware
- Spyware
- Click fraud

BOTNET DETECTION
Two approaches for botnet detection, based on:
- Setting up honeynets
- Passive traffic monitoring
  - Signature based
  - Anomaly based
  - DNS based

BOTNET DETECTION: SETTING UP HONEYNETS
Windows Honeypot
Honeywall
Responsibilities:
- DNS/IP-address of IRC server and port number
- (optional) password to connect to IRC-server
- Nickname of bot
- Channel to join and (optional) channel-password

BOTNET DETECTION: SETTING UP HONEYNETS
Bot Sensor
1. Malicious Traffic
2. Inform bot’s IP
3. Authorize Bot Master

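The items listed on the first honeynet slide (IRC server and port, optional server password, bot nickname, channel and optional channel password) can be read out of the bot-to-server half of a session recorded at the Honeywall. The sketch below is an added example, not part of the original slides; it assumes standard IRC client commands (PASS, NICK, JOIN), takes server and port from the connection metadata, and runs on a constructed sample with made-up names.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class C2Profile:
    server: str                      # from the flow's destination address
    port: int                        # from the flow's destination port
    password: Optional[str] = None   # PASS (optional)
    nickname: Optional[str] = None   # NICK
    channels: Dict[str, Optional[str]] = field(default_factory=dict)  # JOIN


def parse_irc_line(line: str) -> Tuple[str, List[str]]:
    """Split one IRC message into (COMMAND, params), dropping any prefix."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return "", []
    return parts[0].upper(), parts[1:] + ([trailing] if sep else [])


def extract_profile(server: str, port: int, client_lines: List[str]) -> C2Profile:
    """Build the C&C profile from the bot-to-server half of one capture."""
    profile = C2Profile(server, port)
    for raw in client_lines:
        cmd, params = parse_irc_line(raw)
        if not params:
            continue  # malformed or parameterless message
        if cmd == "PASS":
            profile.password = params[0]
        elif cmd == "NICK":
            profile.nickname = params[0]
        elif cmd == "JOIN":
            chans = params[0].split(",")
            keys = params[1].split(",") if len(params) > 1 else []
            for i, chan in enumerate(chans):
                profile.channels[chan] = keys[i] if i < len(keys) else None
    return profile


# Constructed sample: not taken from a real capture.
SAMPLE_CAPTURE = [
    "PASS s3rverpass\r\n",
    "NICK XP-48213\r\n",
    "USER xp xp xp :xp\r\n",
    "JOIN #lab-chan,#lab-upd chankey\r\n",
]
PROFILE = extract_profile("irc.example.test", 6667, SAMPLE_CAPTURE)
```
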
BOTNET DETECTION: TRAFFIC MONITORING
- Signature based: Detection of known botnets
- Anomaly based: Detect botnets using the following anomalies
  - High network latency
  - High volume of traffic
  - Traffic on unusual port
  - Unusual system behaviour
- DNS based: Analysis of DNS traffic generated by botnets

BOTNET DETECTION
Determining the source of a botnet-based attack is challenging:
- Traditional approach: Every zombie host is an attacker
- Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack
- New trend: P2P networks

PREVENTING BOTNET INFECTIONS
- Use a Firewall
- Use Antivirus (AV) software
- Deploy an Intrusion Prevention System (IPS)
- Define a Security Policy and
- Share Policies with your users systematically

CONCLUSION
- Botnets pose a significant and growing threat against cyber security
- They provide a key platform for many cyber crimes (DDoS)
- As network security has become an integral part of our lives and botnets have become the most serious threat to it, it is very important to detect botnet attacks and find a solution for them