BOTNETS - Clemson


BOTNETS
Sravanthi Vattikuti
Sri Harsha Devabhaktuni
What will we cover?
• What are botnets?
• What are they used for?
• How do they work?
• Attacks
• Detection
• Prevention Methods
• Future Challenges
Botnets
• “A botnet is a large collection of well-connected compromised machines, that interact to take part in some distributed task.”
  ◦ Bots (Zombies)
  ◦ Botmaster (Bot herder)
  ◦ Command and Control Server (C&C)
What are they used for?
• Communication
• Resource Sharing
• Curiosity
• Fun
• Financial Gain
How do they work?
Botnet Attacks
• Distributed Denial of Service (DDoS)
  ◦ Disable network services by consuming bandwidth
• Information Leakage
  ◦ Retrieve sensitive information by keylogging
• Click Fraud
  ◦ Obtain a higher click-through rate (CTR)
• Identity Fraud
  ◦ Phishing mail
Distributed Denial of Service (DDoS)
Click Fraud
Detection Methods
Honeypot and Honeynet
[Figure: honeynet diagram; labels: Attackers, Attack Data, HoneyPot A, Gateway, Prevent, Detect, Response, Monitor]
• IRC-based Detection
  ◦ Detection based on traffic analysis
  ◦ Detection based on anomaly activities
• DNS Tracking
  ◦ Distinguish botnet based on a similarity value
• Monitor anti-virus and firewall logs
• Use IDS to watch for:
  ◦ IRC/P2P/Botnet activity
  ◦ Attacks and DoS traffic coming FROM your network
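One way to compute a similarity value for DNS tracking, as an added example that is not from the original slides. The slides do not define the measure, so the one used here (mean overlap fraction of the client sets that query a name in adjacent time windows) is an assumption, as are the function names, thresholds and the constructed log rows.

```python
from collections import defaultdict

def _rows(window, name, hosts):
    """Build constructed log rows: (time window, client IP, queried name)."""
    return [(window, f"10.0.0.{h}", name) for h in hosts]

# Constructed sample DNS query log (not real traffic); names use reserved example domains.
QUERIES = (
    _rows(0, "sync.example.net", [11, 12, 13, 14])    # same small group of hosts
    + _rows(1, "sync.example.net", [11, 12, 13])      # keeps coming back each window
    + _rows(2, "sync.example.net", [11, 12, 13, 14])
    + _rows(0, "www.example.com", [21, 22, 23])       # popular site, clients change
    + _rows(1, "www.example.com", [23, 24, 25])
    + _rows(0, "intranet.example.org", [30])          # too few clients to judge
    + _rows(1, "intranet.example.org", [30])
)

def clients_per_window(queries):
    """Map domain -> window -> set of client IPs that queried it."""
    table = defaultdict(lambda: defaultdict(set))
    for window, client, name in queries:
        table[name.lower().rstrip(".")][window].add(client)
    return table

def similarity(a, b):
    """Assumed measure: mean of the overlap fractions of two client sets."""
    if not a or not b:
        return 0.0
    common = len(a & b)
    return 0.5 * (common / len(a) + common / len(b))

def suspicious_domains(queries, min_clients=3, threshold=0.8):
    """Return {domain: lowest similarity} for domains whose client group recurs."""
    flagged = {}
    for name, windows in clients_per_window(queries).items():
        groups = [windows[w] for w in sorted(windows)]
        pairs = [(a, b) for a, b in zip(groups, groups[1:])
                 if len(a) >= min_clients and len(b) >= min_clients]
        if not pairs:
            continue  # never enough clients in two adjacent observed windows
        score = min(similarity(a, b) for a, b in pairs)
        if score >= threshold:
            flagged[name] = score
    return flagged

if __name__ == "__main__":
    for domain, score in suspicious_domains(QUERIES).items():
        print(f"{domain}: similarity {score:.3f}")
```

Legitimate periodic lookups (software update checks, for instance) also produce a stable client group, so flagged names need review against an allowlist before any host is treated as infected.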
You’ve detected it, now what?
• Begin incident response
  ◦ Treat it like a virus infection
• First priority is removal of malware
• If possible, determine how it got onto the machine
  ◦ This will help prevent further infections
• Prevent it from happening again
  ◦ Patch, user awareness, etc.
Botnet Prevention
• Countermeasures for Public
  ◦ Firewall Equipment
• Countermeasures for Home Users
  ◦ Use anti-virus
  ◦ Pay attention while downloading
  ◦ Back up all systems
• Countermeasures for System Administrator
  ◦ Monitor logs regularly
  ◦ Use a network packet sniffer
  ◦ Isolate the malicious subnet
  ◦ Scan individual machines
The Future of Botnets
• Attackers are going to get better
• More complicated botnets will appear
• In-Depth analysis at different levels
• Flash Botnets
• Hard to distinguish malicious packets from regular traffic.
Questions?