
Study on Botnet Architecture


Study on different botnet architectures

Published in: Education, Technology

  1. A STUDY ON BOTNET ARCHITECTURE. Seminar Guide: SHIBU V.S, Asst. Professor, Mar Baselios College of Engg. By: BINI B.S, MTech, CSE, MBCET
  2. Overview
      • Introduction
      • How Botnet Works
      • Botnet Life Cycle
      • Botnet Architecture
          • Centralized Botnet Architecture
          • Peer to Peer Botnet Architecture (P2P)
          • Hybrid Botnet Architecture
          • Hyper Text Transfer Protocol with Peer to Peer (HttP2P) Botnet Architecture
      • Self-healing System Architecture
      • Conclusion
      • References
  3. Introduction
      • A BOTNET, or Robot Network, is among the biggest network security threats faced by home users, organizations, and governments.
      • A "BOTNET" is a network of compromised computers ("bots") connected to the Internet that is controlled by a remote attacker ("botmaster").
      • Created by intelligent and up-to-date hackers.
  5. Botnet Life Cycle
      • Once a botnet infects a computer, the bot usually steals something such as personal information, authentication credentials or credit card data.
      • The machine then becomes part of the botnet, ready to perform designated malicious tasks.
      • Common functions in most botnets include DDoS attacks, click fraud, spam, phishing, etc.
  6. [Figure: Botnet Life Cycle]
  7. Botnet Architecture
      • Different types of BOTNET architectures:
          i. Centralized Botnet Architecture
          ii. Peer to Peer Botnet Architecture (P2P)
          iii. Hybrid Botnet Architecture
          iv. Hyper Text Transfer Protocol with Peer to Peer Botnet Architecture
  8. I. Centralized Botnet Architecture
      • Oldest and easiest architecture for managing and controlling botnets.
      • All the zombie computers are supervised from a central point, which makes them easy to manage.
      • The disadvantage: the entire botnet can be shut down if the defender captures the C&C server.
      • Examples: AgoBot, SDBot, SpyBot, GTBot, etc.
  10. II. Peer to Peer Botnet Architecture
      • Used to remove the drawbacks of the centralized architecture.
      • A P2P-based network is much harder to shut down.
      • In this architecture a node can act as a client (soldier bot) as well as a server (supervisor bot), and there is no centralized point acting as the C&C server.
      • Examples: Phatbot and Peacomm.
  12. III. Hybrid Botnet Architecture
      • It is harder to shut down, monitor, and hijack.
      • A botmaster could easily monitor the entire botnet by issuing a report command, and make it harder to detect the bots.
  14. IV. Hyper Text Transfer Protocol with Peer to Peer
      • The Supervisor-Bot enciphers the message.
      • It continuously searches for a Soldier-Bot and, when one is found, delivers the message to it.
      • The Soldier-Bot does not contact the Supervisor-Bot dynamically; rather, it waits for a call from its supervisor.
  15. Self-healing System Architecture
      • The concept is inspired by the way organisms adapt to their environment by developing immunity against harmful viruses, bacteria and toxins.
      • It is based on a study of two HTTP-based botnets, Zeus and BlackEnergy, and two P2P botnets, Waledac and Storm.
  16. Self-healing System Architecture (cont.)
      • It enables networked systems to look continuously for any alteration of "normal behavior" and apply appropriate corrective actions.
      • It can recognize when it is not operating correctly and, with little or no human intervention occurs.
  17. V. Self-healing System Architecture (cont.)
      • It is optimized for a domain-controlled network that connects to a large geographic region.
      • Its main application is as a defense-in-depth security solution for domain-controlled enterprise networks.
  18. [Figure: Self-healing System Architecture]
  19. Conclusion
      • Botnets have a direct influence on the number of cybercrimes committed.
      • We have to be well prepared for future botnets.
      • It is an ongoing war between botnet attacks and defenses.
  20. Reference
      • [1] Ihsan Ullah, Naveed Khan, Hatim A. Aboalsamh, "SURVEY ON BOTNET: ITS ARCHITECTURE, DETECTION, PREVENTION AND MITIGATION", 978-1-4673-5200-0/13/$31.00 © 2013 IEEE.
      • [2] Bhagath Singh Jayaprakasam, "MODELING BOTNET IN PEER TO PEER SYSTEMS PRESENTED", Apr 28, 2011.
      • [3] Adeeb Alhomoud, Irfan Awan, Jules Ferdinand Pagna Disso, Muhammad Younas, "A Next-Generation Approach to Combating Botnets", 0018-9162/13/$31.00 © 2013 IEEE.