• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Botnet
 

Botnet

on

  • 755 views

 

Statistics

Views

Total Views
755
Views on SlideShare
755
Embed Views
0

Actions

Likes
0
Downloads
62
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Botnet Botnet Presentation Transcript

    • PRESENTATION ON BOTNETPriyanka Harjai
    • OUTLINEIntroduction to Botnet Botnet Life-cycle Botnet in Network Security Botnet Uses Botnet Detection Preventing Botnet Infection Botnet Research Conclusion
    • INTRODUCTION A Botnet is a network of compromised computers under the control of a remote attacker controller of a botnet is able to direct the activities of these compromised computers Botnet Terminology  Bot Herder (Bot Master)  Bot  Bot Client  IRC Server  Command and Control Channel (C&C)
    • INTRODUCTION TO BOTNET(TERMINOLOGY) IRC Server IRC Channel Code Server Bot Master IRC Channel C&C Traffic Updates Attack Victim
    • BOTNET LIFE-CYCLE
    • BOTNET LIFE-CYCLE
    • BOTNET LIFE-CYCLE
    • BOTNET LIFE-CYCLE
    • BOTNET IN NETWORK SECURITY Internet users are getting infected by bots Many times corporate and end users are trapped in botnet attacks Today 16-25% of the computers connected to the internet are members of a botnet In this network bots are located in various locations It will become difficult to track illegal activities This behavior makes botnet an attractive tool for intruders and increase threat against network security
    • BOTNET IS USED FOR- Money Bot Master
    • HOW BOTNET IS USED??Distributed Denial of Service (DDoS) attacks Sending Spams Phishing Addware Spyware Click Fraud
    • BOTNET DETECTIONTwo approaches for botnet detection based on Setting up honeynets Passive traffic monitoring  Signature based  Anomaly based  DNS based
    • BOTNET DETECTION:SETTING UP HONEYNETS Windows Honey pot  Honeywall Responsibilities: DNS/IP-address of IRC server and port number (optional) password to connect to IRC-server Nickname of bot Channel to join and (optional) channel-password
    • BOTNET DETECTION:SETTING UP HONEYNETS Bot Sensor 1. Malicious Traffic 2. Inform bot’s IP 3. Authorize Bot Master
    • BOTNET DETECTION:TRAFFIC MONITORING Signature based: Detection of known botnets Anomaly based: Detect botnet using following anomalies  High network latency  High volume of traffic  Traffic on unusual port  Unusual system behaviour DNS based: Analysis of DNS traffic generated by botnets
    • BOTNET DETECTION Determining the source of a botnet-based attack is challenging: Traditional approach: Every zombie host is an attacker Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack New trend: P2P networks
    • PREVENTING BOTNET INFECTIONSUse a Firewall Use Antivirus (AV) software Deploy an Intrusion Prevention System (IPS) Define a Security Policy and Share Policies with your users systematically
    • CONCLUSION  Botnets pose a significant and growing threat against cyber security  It provides key platform for many cyber crimes (DDOS)  As network security has become integral part of our life and botnets have become the most serious threat to it  It is very important to detect botnet attack and find the solution for it