BOTNET CLASSIFICATION ATTACKS DETECTION TRACING AND PREVENTIVE MEASURES
BOTNET: CLASSIFICATION, ATTACKS, DETECTION, TRACING, AND PREVENTIVE MEASURES
Shau-En Chou
Wireless and Broadband Networks Laboratory, Department of CSIE, National Taipei University of Technology
OUTLINE
- Introduction
- Classification
- Botnet Attack
- Detection and Tracing
- Preventive Measures
- Conclusion and Future Challenges
- References
INTRODUCTION
- What is the main objective of this paper? To explore open issues in botnet detection and preventive measures through an exhaustive analysis of botnet features and existing research.
- What is a botnet? When a computer has remotely controllable malware implanted into it, that computer becomes a "robot"; when a group of such robots is operated to do things that even their users are unaware of, it is called a botnet.
- Three components:
  - Command and Control (C2 or C&C) server
  - Bot herder
  - Bot client
EXAMPLE
BOTNET LIFECYCLE
EXAMPLE
TYPES OF BOTS
- Agobot
- SDBot
- SpyBot
- GT Bot
SDBOT
- Its control commands and features resemble Agobot's, but it is much simpler.
- Most variants are no more than 2500 lines of code.
- Its control commands are easy to extend and enhance.
- A large number of malicious patches for it can be found on the Internet, adding capabilities such as:
  - Scanning
  - DoS attacks
  - Sniffers
  - Information harvesting
  - Encryption routines
CLICK FRAUD
PREVENTIVE MEASURE
- Countermeasures on botnet attacks
  - Many antivirus companies now focus on stopping botnets; some offer protection for consumers, but most of their solutions are designed for ISPs or enterprises.
  - At present, once a botnet attack has been identified, there is no better response than shutting down the IRC server or taking down its DNS entries.
- Countermeasures for the public
  - Home users
  - System administrators
HOME USER
SYSTEM ADMINISTRATOR
Q&A?