![International Conference on Communications, Signal Processing, Computing and Information Technologies
(ICCSPCIT-2015) December 8-19, 2015.
1
Abstract Botnets are software agents designed to
automatically perform tasks. A botnet is a term used to
describe a network of infected hosts called bots. They
change their signature and make difficult to take down.
Botmasters are able to infect new computers at a much
faster rate than administrators can remediate them, Botnets
are a significant threat to computer networks and data
stored on Bigdata. They are moving towards the SSL
Encryption to increase the difficulty level of detection. Our
technique is based on the assumption botnet domains have
a short lifetime.
Index Terms— DDoS, SSL protocol, Bigdata.
I. INTRODUCTION1
bot[1]is a malware which installs itself on a
exploiting the vulnerability available in the machine to
a network of zombies called botnet[11] which
remotely restricted by a set of master named as botnet
controller. Botnets are used for Distributed denial-of-
service(DDoS)[2] attacks, P2P Botnets[9][10] are
composed of the virus infected computers severely threaten
the security of internet. Hackers, implant virus in under
attack computers, which were then commanded and
controlled by them throw the internet to operate distributed
denial of services (DDoS), take confidential information,
and distribute junk mails and other malicious acts.
Newer type of botnets that uses on hand P2P protocols to
distribute instructions. This kind of botnet is harder to
detect compared to the other botnets. The bots are
connected to the botnet through a C & C channel as a fore
mentioned. A C & C channel can operate on different
network topologies and communication mechanisms.
II. RELATED WORK
A. Review Stage
Botnets are trying to move towards encryption in order to
improve the confidentiality of their communication and
increase the difficulty level of detection.
Zeus Botnet It follow P2P architecture. Every bot is able to
provide data to the other bots it makes hard to track and
take down.
Existing Botnet Detection Techniques
Rishi[5] Use n-gram analysis with a scoring function to
detect botnets and group them into white list and black list.
BotHunter[6] Performs Evidence gathering for putative
Infection .It is based on the Three Sensor dialog correlation
BotMiner[7] It is a Protocol and structure Independent
anomaly detection system it discuss the SSL blind spot[8]
attack patterns.
III. SYSTEM DESIGN
Anomaly based detection method The most common way
to identify a traffic is to use a combination of five
properties from the packet
a. Traffic monitoring
b. Attributes Extraction
c. Detecting malicious Traffic
Traffic Monitoring Module
Used College lab for collecting the sniffing packets
from network interface. Dumpcap capture option is used
to capture traffic.
Attribute Extraction
Extracted five attributes from the network traffic
Discovery of Botnet using Imitation
Technique
Damalla Jyothi, JNTUH, Research Student, Hyderabad.
M.A.H Farquad, Faculty of Computers and Information Systems, Islamic University of Madinah, Saudi.
Prof. G.Narsimha, HOD of CSE, JNTUH College of Engineering, Sulthanpur,
A](https://image.slidesharecdn.com/botnetbyimitationmethod-180707132228/85/botnet-detection-by-imitation-method-1-320.jpg)
![a. Time
b. Source
c. Destination
d. Protocol
e. Length
Fig 1. Data flow of SSL Encryption
IV. RESULTS
Our experiment is completely based on the assumption
malicious domains will have short lifetime, We used
algorithm to Capture network traffic and system traces is
observed in live execution environment , We clustered
PCAP file data and applied Artificial neural network
Algorithm for getting the suspicious bots in the network
flow.
Fig 2. Botnets visualization
V. CONCLUSION
Botnets are the main security threat on the internet due to
their high reported infection rate. Since 2007 many
detection approaches have been proposed and some real bot
detection systems have been implemented. This experiment
is completely based on the assumption malicious domains
have short life time. We have detected malicious behavior
on the SSL, We believe could represent a botnet. We want
to do further investigations on the botnet detection by using
SSL encryption.
References
[1] A Survey on Botnet Architectures,Detection and
Defences , International Joural of Network Security,Vol.
17,No.3,PP.272-289,May 2015.
[2]A Survey of Bots Used for Distributed Denial of service
Attacks by vrizlynn L.L.Tging,Morris sloman,and Narankar
Dulay
[3] National vulnerability Data Base CVE-2015-1816
[4] National vulnerability Data Base CVE-2015-2866
[5] J.Goebel and T.Holz Rishi:identify bot contaminated
hosts by IRC nickname evaluation “in Proceedings of the
first conference on First Workshop on Hot Topics in
Uderstanding Botnets,pp. 8,Berkely,CA,USA,2007.
[6] G.Gu, P. Porras ,V.Yegneswaran, M. Fong ,and
W.Lee,Bothunter:detecting malware infection through ids-
driven dialog correlation , in proceedings of 16th
USENIX
Security Symposium on USENIX Security symposium
,pp.1-16, Berkely,CA,USA,2007.
[7] G.Gu J. Zhang,and W.Lee ,Botsniffer: Detecting botnet
command and control channels in network Traffic,in
proceedings of 16th
Annual Network and Distributed
System Security
Symposium(NDSS08),Reston,VA,USA,February 2008.
[8] Overview of Certification System E.Gerck,1998.
[9] D.Dittrich and S.Dietrich ,P 2 P as botnet command and
control: a deeper insight,2008 pp,41-48.
[10] R.Schoof and R. Koning Detecting peer to peer botnets
University of Amsterdam,2007.
[11] M.Feily,Survey of botnet and botnet detection 2009,pp
268-273.](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Botnet detection by Imitation method
Similar to Botnet detection by Imitation method (20)
More from Acad
More from Acad (20)
Recently uploaded
Recently uploaded (20)
Botnet detection by Imitation method
- 1. International Conference on Communications, Signal Processing, Computing and Information Technologies (ICCSPCIT-2015) December 8-19, 2015. 1 Abstract Botnets are software agents designed to automatically perform tasks. A botnet is a term used to describe a network of infected hosts called bots. They change their signature and make difficult to take down. Botmasters are able to infect new computers at a much faster rate than administrators can remediate them, Botnets are a significant threat to computer networks and data stored on Bigdata. They are moving towards the SSL Encryption to increase the difficulty level of detection. Our technique is based on the assumption botnet domains have a short lifetime. Index Terms— DDoS, SSL protocol, Bigdata. I. INTRODUCTION1 bot[1]is a malware which installs itself on a exploiting the vulnerability available in the machine to a network of zombies called botnet[11] which remotely restricted by a set of master named as botnet controller. Botnets are used for Distributed denial-of- service(DDoS)[2] attacks, P2P Botnets[9][10] are composed of the virus infected computers severely threaten the security of internet. Hackers, implant virus in under attack computers, which were then commanded and controlled by them throw the internet to operate distributed denial of services (DDoS), take confidential information, and distribute junk mails and other malicious acts. Newer type of botnets that uses on hand P2P protocols to distribute instructions. This kind of botnet is harder to detect compared to the other botnets. The bots are connected to the botnet through a C & C channel as a fore mentioned. A C & C channel can operate on different network topologies and communication mechanisms. II. RELATED WORK A. Review Stage Botnets are trying to move towards encryption in order to improve the confidentiality of their communication and increase the difficulty level of detection. Zeus Botnet It follow P2P architecture. Every bot is able to provide data to the other bots it makes hard to track and take down. Existing Botnet Detection Techniques Rishi[5] Use n-gram analysis with a scoring function to detect botnets and group them into white list and black list. BotHunter[6] Performs Evidence gathering for putative Infection .It is based on the Three Sensor dialog correlation BotMiner[7] It is a Protocol and structure Independent anomaly detection system it discuss the SSL blind spot[8] attack patterns. III. SYSTEM DESIGN Anomaly based detection method The most common way to identify a traffic is to use a combination of five properties from the packet a. Traffic monitoring b. Attributes Extraction c. Detecting malicious Traffic Traffic Monitoring Module Used College lab for collecting the sniffing packets from network interface. Dumpcap capture option is used to capture traffic. Attribute Extraction Extracted five attributes from the network traffic Discovery of Botnet using Imitation Technique Damalla Jyothi, JNTUH, Research Student, Hyderabad. M.A.H Farquad, Faculty of Computers and Information Systems, Islamic University of Madinah, Saudi. Prof. G.Narsimha, HOD of CSE, JNTUH College of Engineering, Sulthanpur, A
- 2. a. Time b. Source c. Destination d. Protocol e. Length Fig 1. Data flow of SSL Encryption IV. RESULTS Our experiment is completely based on the assumption malicious domains will have short lifetime, We used algorithm to Capture network traffic and system traces is observed in live execution environment , We clustered PCAP file data and applied Artificial neural network Algorithm for getting the suspicious bots in the network flow. Fig 2. Botnets visualization V. CONCLUSION Botnets are the main security threat on the internet due to their high reported infection rate. Since 2007 many detection approaches have been proposed and some real bot detection systems have been implemented. This experiment is completely based on the assumption malicious domains have short life time. We have detected malicious behavior on the SSL, We believe could represent a botnet. We want to do further investigations on the botnet detection by using SSL encryption. References [1] A Survey on Botnet Architectures,Detection and Defences , International Joural of Network Security,Vol. 17,No.3,PP.272-289,May 2015. [2]A Survey of Bots Used for Distributed Denial of service Attacks by vrizlynn L.L.Tging,Morris sloman,and Narankar Dulay [3] National vulnerability Data Base CVE-2015-1816 [4] National vulnerability Data Base CVE-2015-2866 [5] J.Goebel and T.Holz Rishi:identify bot contaminated hosts by IRC nickname evaluation “in Proceedings of the first conference on First Workshop on Hot Topics in Uderstanding Botnets,pp. 8,Berkely,CA,USA,2007. [6] G.Gu, P. Porras ,V.Yegneswaran, M. Fong ,and W.Lee,Bothunter:detecting malware infection through ids- driven dialog correlation , in proceedings of 16th USENIX Security Symposium on USENIX Security symposium ,pp.1-16, Berkely,CA,USA,2007. [7] G.Gu J. Zhang,and W.Lee ,Botsniffer: Detecting botnet command and control channels in network Traffic,in proceedings of 16th Annual Network and Distributed System Security Symposium(NDSS08),Reston,VA,USA,February 2008. [8] Overview of Certification System E.Gerck,1998. [9] D.Dittrich and S.Dietrich ,P 2 P as botnet command and control: a deeper insight,2008 pp,41-48. [10] R.Schoof and R. Koning Detecting peer to peer botnets University of Amsterdam,2007. [11] M.Feily,Survey of botnet and botnet detection 2009,pp 268-273.