SlideShare a Scribd company logo

Botnet.pptx

Download as PPTX, PDF
C
Chetanmalviya8

Ethical hacking topic botnet

Technology
1 of 15
Botnet Detection
What is a Bot? • A malware instance that runs autonomously and automatically on a compromised computer (zombie) without owner’s consent • Profit-driven, professionally written, widely propagated • You might have seen them before in chat rooms, online games, etc.
What is a Botnet • Botnet (Bot Army): network of bots controlled by criminals • Definition: “A coordinated group of malware instances that are controlled by a botmaster via some C&C channel” – Coordinated: do coordinated actions – Group: yes, it’s a group of bots! – Botmaster: meet the cybercriminal – C&C channel: command and control channel 3
CS660 - Advanced Information Assurance - UMassAmherst 4
Structures • Centralized – IRC channels – HTTP CS660 - Advanced Information Assurance - UMassAmherst 5 • Distributed – P2P
CS660 - Advanced Information Assurance - UMassAmherst 6
CS660 - Advanced Information Assurance - UMassAmherst 7
Breadth • Numerous variations of botnets – According to a study in 2013 by Incapsula, more than 61 percent of all Web traffic is now generated by bots – 25% of Internet PCs are part of a botnet!” ( - Vint Cerf) • It’s a real threat! 8
What is the Command and Control (C&C) Channel? • The Command and Control (C&C) channel is needed so bots can receive their commands and coordinate fraudulent activities • The C&C channel is the means by which individual bots form a botnet
Some Botnets 1. Zeus (3.6 million) 2. Koobface (2.9 million) 3. TidServ (1.5 million) 4. Trojan.Fakeavalert (1.4 million) 5. TR/DIdr.Agent.JKH (1.2 million) 6. Monkif (520,000) 7. Hamweq (480,000) 8. Swizzor (370,000) 9. Gammima (230,000) 10. Conficker (210,000)
What are they used for? • Distributed Denial-of-Service Attacks • Spam • Phishing • Information Theft • Distributing other malware
Botnet Detection is Hard! • One out of four PC infected • Bots are stealthy on infected machines • Botnets are dynamically evolving and becoming more flexible – Static and signature-based approached less effective • Come in many variations – Centralized/distributed, different channels, etc. – There’s no one-size-fits-all solution
Existing Techniques not Effective • AntiVirus tools are evaded – need to update frequently – Bots use rootkit – … • Intrusion detection systems – Do not have a big picture • Past research aims are too specific – Some apply to specific type of botnet (e.g., IRC-based only, or centralized only) – Some apply to specific instances of botnet 13
BotMiner • Observation: – Bots part of a botnet have similar communications – Bots part of a botnet take similar actions – Bots stay there for long term • Approach: Let’s find machines that have correlated (similar) communication and actions over time 14
BotMiner • Analysis is done over two planes: C-plane (Communication plane): “who is talking to whom, and how” A-plane (Activity plane): “who is doing what” 15

Recommended

New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)André Fucs de Miranda
 
Botnets
BotnetsBotnets
Botnetsrichashri3
 
Automation Attacks At Scale
Automation Attacks At ScaleAutomation Attacks At Scale
Automation Attacks At ScaleMayank Dhiman
 
Botnet and its Detection Techniques
Botnet and its Detection Techniques Botnet and its Detection Techniques
Botnet and its Detection Techniques SafiUllah Saikat
 
Botnets
BotnetsBotnets
BotnetsKavisha Miyan
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applicationsUltraUploader
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacksgocybersec
 
Cyber Security Terms
Cyber Security TermsCyber Security Terms
Cyber Security TermsSuryaprakash Nehra
 

Recommended

New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)André Fucs de Miranda
 
Botnets
BotnetsBotnets
Botnetsrichashri3
 
Automation Attacks At Scale
Automation Attacks At ScaleAutomation Attacks At Scale
Automation Attacks At ScaleMayank Dhiman
 
Botnet and its Detection Techniques
Botnet and its Detection Techniques Botnet and its Detection Techniques
Botnet and its Detection Techniques SafiUllah Saikat
 
Botnets
BotnetsBotnets
BotnetsKavisha Miyan
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applicationsUltraUploader
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacksgocybersec
 
Cyber Security Terms
Cyber Security TermsCyber Security Terms
Cyber Security TermsSuryaprakash Nehra
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012inf8nity
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Get Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationGet Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationSecurity Innovation
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
BOTNET
BOTNETBOTNET
BOTNETSOHITGOBINDAMSHAW
 
Netforts
Netforts Netforts
Netforts Wing Venture Capital
 
Defend Your Company Against Ransomware
Defend Your Company Against RansomwareDefend Your Company Against Ransomware
Defend Your Company Against RansomwareKevo Meehan
 
Fight fire with fire draft
Fight fire with fire draftFight fire with fire draft
Fight fire with fire draftNishant Agrawal
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Stephan Chenette
 
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Security Session
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Nicholas Davis
 
News Bytes - May 2015
News Bytes - May 2015News Bytes - May 2015
News Bytes - May 2015n|u - The Open Security Community
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSamip Shah
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelRamsés Gallego
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
Tracing Back The Botmaster
Tracing Back The BotmasterTracing Back The Botmaster
Tracing Back The BotmasterIJERA Editor
 
Security and Privacy.PDF
Security and Privacy.PDFSecurity and Privacy.PDF
Security and Privacy.PDFChetanmalviya8
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.pptChetanmalviya8
 

More Related Content

Similar to Botnet.pptx

Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012inf8nity
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Get Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationGet Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationSecurity Innovation
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Defend Your Company Against Ransomware
Defend Your Company Against RansomwareDefend Your Company Against Ransomware
Defend Your Company Against RansomwareKevo Meehan
 
Fight fire with fire draft
Fight fire with fire draftFight fire with fire draft
Fight fire with fire draftNishant Agrawal
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Stephan Chenette
 
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Security Session
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Nicholas Davis
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSamip Shah
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelRamsés Gallego
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
Tracing Back The Botmaster
Tracing Back The BotmasterTracing Back The Botmaster
Tracing Back The BotmasterIJERA Editor
 

Similar to Botnet.pptx (20)

Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Get Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationGet Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and Organization
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
BOTNET
BOTNETBOTNET
BOTNET
 
Netforts
Netforts Netforts
Netforts
 
Defend Your Company Against Ransomware
Defend Your Company Against RansomwareDefend Your Company Against Ransomware
Defend Your Company Against Ransomware
 
Fight fire with fire draft
Fight fire with fire draftFight fire with fire draft
Fight fire with fire draft
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012
 
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy
 
News Bytes - May 2015
News Bytes - May 2015News Bytes - May 2015
News Bytes - May 2015
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testing
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
 
Tracing Back The Botmaster
Tracing Back The BotmasterTracing Back The Botmaster
Tracing Back The Botmaster
 

More from Chetanmalviya8

Security and Privacy.PDF
Security and Privacy.PDFSecurity and Privacy.PDF
Security and Privacy.PDFChetanmalviya8
 
OOAD PRESENTATION.pptx
OOAD PRESENTATION.pptxOOAD PRESENTATION.pptx
OOAD PRESENTATION.pptxChetanmalviya8
 

More from Chetanmalviya8 (7)

Security and Privacy.PDF
Security and Privacy.PDFSecurity and Privacy.PDF
Security and Privacy.PDF
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.ppt
 
WirelessLANs.pptx
WirelessLANs.pptxWirelessLANs.pptx
WirelessLANs.pptx
 
OOAD PRESENTATION.pptx
OOAD PRESENTATION.pptxOOAD PRESENTATION.pptx
OOAD PRESENTATION.pptx
 
Graph Coloring
Graph ColoringGraph Coloring
Graph Coloring
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Monitors.ppt
Monitors.pptMonitors.ppt
Monitors.ppt
 

Recently uploaded

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 

Recently uploaded (20)

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Botnet.pptx

  • 2. What is a Bot? • A malware instance that runs autonomously and automatically on a compromised computer (zombie) without owner’s consent • Profit-driven, professionally written, widely propagated • You might have seen them before in chat rooms, online games, etc.
  • 3. What is a Botnet • Botnet (Bot Army): network of bots controlled by criminals • Definition: “A coordinated group of malware instances that are controlled by a botmaster via some C&C channel” – Coordinated: do coordinated actions – Group: yes, it’s a group of bots! – Botmaster: meet the cybercriminal – C&C channel: command and control channel 3
  • 4. CS660 - Advanced Information Assurance - UMassAmherst 4
  • 5. Structures • Centralized – IRC channels – HTTP CS660 - Advanced Information Assurance - UMassAmherst 5 • Distributed – P2P
  • 6. CS660 - Advanced Information Assurance - UMassAmherst 6
  • 7. CS660 - Advanced Information Assurance - UMassAmherst 7
  • 8. Breadth • Numerous variations of botnets – According to a study in 2013 by Incapsula, more than 61 percent of all Web traffic is now generated by bots – 25% of Internet PCs are part of a botnet!” ( - Vint Cerf) • It’s a real threat! 8
  • 9. What is the Command and Control (C&C) Channel? • The Command and Control (C&C) channel is needed so bots can receive their commands and coordinate fraudulent activities • The C&C channel is the means by which individual bots form a botnet
  • 10. Some Botnets 1. Zeus (3.6 million) 2. Koobface (2.9 million) 3. TidServ (1.5 million) 4. Trojan.Fakeavalert (1.4 million) 5. TR/DIdr.Agent.JKH (1.2 million) 6. Monkif (520,000) 7. Hamweq (480,000) 8. Swizzor (370,000) 9. Gammima (230,000) 10. Conficker (210,000)
  • 11. What are they used for? • Distributed Denial-of-Service Attacks • Spam • Phishing • Information Theft • Distributing other malware
  • 12. Botnet Detection is Hard! • One out of four PC infected • Bots are stealthy on infected machines • Botnets are dynamically evolving and becoming more flexible – Static and signature-based approached less effective • Come in many variations – Centralized/distributed, different channels, etc. – There’s no one-size-fits-all solution
  • 13. Existing Techniques not Effective • AntiVirus tools are evaded – need to update frequently – Bots use rootkit – … • Intrusion detection systems – Do not have a big picture • Past research aims are too specific – Some apply to specific type of botnet (e.g., IRC-based only, or centralized only) – Some apply to specific instances of botnet 13
  • 14. BotMiner • Observation: – Bots part of a botnet have similar communications – Bots part of a botnet take similar actions – Bots stay there for long term • Approach: Let’s find machines that have correlated (similar) communication and actions over time 14
  • 15. BotMiner • Analysis is done over two planes: C-plane (Communication plane): “who is talking to whom, and how” A-plane (Activity plane): “who is doing what” 15