A Hierarchical Hybrid Structure for Botnet Control and Command

Zhiqi Zhang, Baochen Lu, Peng Liao, Chaoge Liu, Xiang Cui - Computer Science and Automation Engineering (CSAE), 2011 IEEE International Conference

Speaker : Yi-Ting Tsai

Date : 102.11.7

Outline
  • Centralized Botnet
  • P2P Botnet
  • Hybrid P2P Botnet
  • Hierarchical hybrid Botnet
  • Robustness Simulation
  • Defense against the proposed Botnet
  • Conclusion

Centralized Botnet

  • Characteristics: rely on C&C servers
  • Weakness: single point of failure
  • Example: AgoBot, SDBot, SpyBot

P2P Botnet

  • Kademlia-based protocol
    • Example : Slapper botnets
    • Bootstrap failure
    • Sybil attack
  • random probing protocol
    • Example : Sinit botnets
    • Extensive abnormal traffic
    • Sybil attack

Hybrid P2P Botnet

  • Servent bots (server+client): static global IP
  • Slave bots (client): dynamic private IP
  • Peer list: Servent bots IP
  • Weakness:
    • Sybil attack
    • communication between clients
Hierarchical hybrid Botnet

  • Servent bots (server+client)
  • Slave bots (client)

1 . Resolve:
    • Sybil attack
    • communication between clients

2 . Difficult to be shut down

3 . Keep botnet under control

  • No detect
  • No hijacking
  • No Sybil attack
  • Advanced bootstrap process

[Figure: state diagram. States: 0 failure, 1 failure, 2 failure, ..., N-1 failure, N failure. Transitions: Poll succeed, Poll fail. Final step: Delete.]

Peer list

[Figure: peer list of < IP , port > entries grouped by failure count: 0 failure, 1 failure, ..., N failure.]

  • Random service port + Data encryption = Perfect !

  • Communication Encryption
    • One-time padding
  • Command Authentication
    • Private key signature

[Figure: diagram labelled with Private key and Public key.]


Robustness Simulation

Definition : the probability that a botnet remains connected together after a fraction of bots are removed.

G = ( V , E )

V : bots

Simulation settings

Servent bots : 25%

Maximum size of botnets : 10000

Peer list () : 20

  • igraph library
  • Network Workbench Tool
Peer list size and Robustness

Servent bots : 25%

Maximum size of botnets : 10000

Bots removed ( P ) = 95%
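
The measurement behind the "Simulation settings" and "Peer list size and Robustness" slides can be reproduced for takedown analysis with the added sketch below, which is not code from the paper or the talk. It assumes each peer list holds servent ids drawn uniformly at random, and it scores robustness as the share of surviving bots in the largest connected component, an assumed proxy for the slide's definition; it uses plain Python rather than igraph.

```python
import random

def largest_component_share(n_bots, servent_ratio, peer_list_size, removed, rng):
    """One trial: build the overlay, remove bots at random, measure connectivity."""
    n_servent = max(1, int(n_bots * servent_ratio))
    servents = range(n_servent)                 # ids 0..n_servent-1 are servent nodes
    k = min(peer_list_size, n_servent)
    # Assumption: every node's peer list is k servent ids drawn uniformly at random.
    peers = [rng.sample(servents, k) for _ in range(n_bots)]
    alive = set(rng.sample(range(n_bots), n_bots - int(n_bots * removed)))
    if not alive:
        return 0.0
    parent = {v: v for v in alive}              # union-find over surviving nodes

    def find(v):
        while parent[v] != v:
            parent[v] = parent[parent[v]]       # path halving
            v = parent[v]
        return v

    for v in alive:
        for p in peers[v]:
            if p in alive:                      # a link survives only if both ends do
                parent[find(v)] = find(p)
    sizes = {}
    for v in alive:
        root = find(v)
        sizes[root] = sizes.get(root, 0) + 1
    return max(sizes.values()) / len(alive)

def robustness(n_bots=2000, servent_ratio=0.25, peer_list_size=20,
               removed=0.95, trials=5, seed=1):
    """Average largest-component share over several seeded trials."""
    rng = random.Random(seed)
    runs = [largest_component_share(n_bots, servent_ratio, peer_list_size, removed, rng)
            for _ in range(trials)]
    return sum(runs) / trials

if __name__ == "__main__":
    for m in (5, 10, 20, 40):                   # sweep the peer list size at P = 95%
        print(f"peer list {m:>2}: {robustness(peer_list_size=m):.3f}")
```

The defaults use 2000 nodes to keep the run short; pass `n_bots=10000` to match the slide's maximum size.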

Defense against the proposed Botnet
  • Host-based Detection
    • Signature-based malware detection
    • Behavior-based detection
  • Honeypot-based Monitoring
Conclusion
  • Hierarchical hybrid p2p botnet
    • an advanced peer list
    • It can defend against Sybil attacks
  • Weakness :
    • very high complexity
    • very high latency