
BOTNETS



Presentation Transcript


  1. BOTNETS • Sravanthi Vattikuti • Sri Harsha Devabhaktuni

  2. What will we cover? • What are botnets? • What are they used for? • How do they work? • Attacks • Detection • Prevention Methods • Future Challenges

  3. Botnets • “A botnet is a large collection of well-connected compromised machines, that interact to take part in some distributed task.” • Bots (Zombies) • Botmaster (Bot herder) • Command and Control Server (C&C)

  4. What are they used for? • Communication • Resource Sharing • Curiosity • Fun • Financial Gain

  5. How do they work?

  6. How do they work?

  7. How do they work?

  8. How do they work?

  9. Botnet Attacks • Distributed Denial of Service (DDoS): disable network services by consuming bandwidth • Information Leakage: retrieve sensitive information by keylogging • Click Fraud: obtain a higher click-through rate (CTR) • Identity Fraud: phishing mail

  10. Distributed Denial of Service (DDoS)

  11. Click Fraud

  12. Detection Methods • Honeypot and Honeynet • Prevent • Detect • Response • Monitor

  13. Detection Methods • IRC-based Detection • Detection based on traffic analysis • Detection based on anomaly activities

  14. Detection Methods • DNS Tracking: distinguish botnets based on a similarity value • Monitor anti-virus and firewall logs • Use IDS to watch for: IRC/P2P/botnet activity; attacks and DoS traffic coming FROM your network

  15. You’ve detected it, now what? • Begin incident response • Treat it like a virus infection • First priority is removal of malware • If possible, determine how it got on (this will help prevent further infections) • Prevent it from happening again (patch, user awareness, etc.)

  16. Botnet Prevention • Countermeasures for Public: firewall equipment • Countermeasures for Home Users: use anti-virus; pay attention while downloading; back up all systems • Countermeasures for System Administrators: monitor logs regularly; use a network packet sniffer; isolate the malicious subnet; scan individual machines

  17. The Future of Botnets • Attackers are going to get better • More complicated botnets will appear • In-depth analysis at different levels • Flash Botnets • Hard to distinguish malicious packets from regular traffic

  18. References • www.korelogic.com/Resources/Presentations/botnets_issa.pdf • Nicholas Ianelli, Aaron Hackworth, “Botnets as a Vehicle for Online Crime,” Carnegie Mellon University, 2005. • Wikipedia, “Botnet,” http://en.wikipedia.org/wiki/Botnet • R. Puri, “Bots and botnets: an overview,” Tech. Rep., SANS Institute, 2003. • Google (search terms: bots, botnets, botmaster)

  19. Questions?
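
Added example (not part of the original slides): one way to apply the DNS tracking idea from slide 14 to a resolver log, flagging names that the same group of internal hosts looks up again in consecutive time windows. The slides do not define the similarity value; the overlap measure, window size, thresholds and sample log below are all assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW = 300      # seconds per observation window (assumed)
MIN_GROUP = 3     # ignore names queried by fewer clients than this (assumed)
THRESHOLD = 0.8   # similarity at or above this is reported (assumed)

def _rows(ts, hosts, qname):
    """Build constructed log rows: (epoch seconds, client IP, queried name)."""
    return [(ts + i, f"10.0.0.{h}", qname) for i, h in enumerate(hosts)]

# Constructed sample resolver log; not real traffic.
SAMPLE_LOG = (
    _rows(10, [11, 12, 13, 14], "c2.example.test")
    + _rows(310, [11, 12, 13, 14], "C2.example.test.")
    + _rows(620, [11, 12, 13], "c2.example.test")
    + _rows(20, [21, 22, 23], "www.example.com")
    + _rows(330, [23, 24, 25], "www.example.com")
    + _rows(30, [31], "updates.example.net")
    + _rows(340, [31], "updates.example.net")
)

def similarity(a, b):
    """Assumed measure: mean of the shared fraction of each client set."""
    if not a or not b:
        return 0.0
    common = len(a & b)
    return 0.5 * (common / len(a) + common / len(b))

def group_activity(log, window=WINDOW):
    """Map normalised qname -> {window index -> set of client IPs}."""
    groups = defaultdict(lambda: defaultdict(set))
    for ts, client, qname in log:
        groups[qname.lower().rstrip(".")][ts // window].add(client)
    return groups

def suspicious_domains(log, window=WINDOW, min_group=MIN_GROUP,
                       threshold=THRESHOLD):
    """Return {qname: best similarity} where the querying group repeats."""
    flagged = {}
    for qname, windows in group_activity(log, window).items():
        keys = sorted(windows)
        best = 0.0
        for prev, cur in zip(keys, keys[1:]):
            a, b = windows[prev], windows[cur]
            if min(len(a), len(b)) >= min_group:  # skip lone pollers
                best = max(best, similarity(a, b))
        if best >= threshold:
            flagged[qname] = round(best, 2)
    return flagged

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE_LOG))
```

Fleet-wide legitimate lookups (update servers, time sync, management agents) also produce a stable querying group, so a hit is a lead for the log review and host scans on slides 15 and 16, and known-good names belong on an allowlist.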
