• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1497-1499
• /
• 2009

최근 들어 스팸 메일, 키 로깅, DDoS와 같은 공격에 Botnet이 사용되고 있다. Botnet은 크래커에 의해 명령, 제어되는 Bot에 감염된 클라이언트로 이루어진 네트워크이다. 지금까지 유선망의 Botnet을 탐지하기 위한 많은 기법이 제안되었지만, 현재 많은 개발이 이루어지고 있는 6LoWPAN과 같은 무선 센서 네트워크상의 Botnet에 관한 연구와 그 대처방안은 전무한 상태이다. 본 논문에서는 6LoWPAN 환경에서 Botnet이 얼마나 위험할 수 있는지 살펴보고 이를 탐지하기 위한 메커니즘을 제안하고자 한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.111-114
• /
• 2019

최근 봇넷(Botnet)은 PC 뿐만 아니라 IoT 기기를 대상으로 확대되어 구축되고 있으며, 최신 기술들이 적용되면서 탐지와 방어가 어렵도록 구축되고 있다. 특히, 해커와 테러범 사이에서 많이 활용되는 정보 은닉 기술인 스테가노그래피(Steganography)가 적용된 Botnet(Stego-botnet)이 출현하였는데, 기존의 Botnet 형태와는 달리 SNS 환경을 Botnet 개체 사이의 통신 기반으로 활용하며 Steganography 기술로 통신 내용을 숨겨 탐지가 어렵기 때문에 그 위험성과 피해가 심각할 수 있다. 본 논문에서는 SNS 환경에서의 Steganography 기반 Botnet 구축 가능성을 조사하고, 실제로 카카오톡을 활용한 Steganography 기반 Botnet 통신 가능성을 실험한 후 결과를 제시하며, Steganography 기반 Botnet에 대한 탐지 및 역추적 방안을 간략히 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.37-44
• /
• 2011

Recently malicious activities that is a DDoS, spam, propagation of malware, steeling person information, phishing on the Internet are related malicious botnet. To detect malicious botnet, Many researchers study a detection system for malicious botnet, but these applies specific protocol, action or attack based botnet. In this reason, we study a selection of measurement to detec malicious botnet in this paper. we collect a traffic of malicious botnet and analyze it for feature of network traffic. And we select a feature based measurement. we expect to help a detection of malicious botnet through this study.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.659-660
• /
• 2009

Botnet은 공격자의 명령을 받아 공격을 수행하는 Bot과 bot을 관리하는 서버(혹은 peer)로 이루어진 네트워크이다. 유선 네트워크 상에서 Botnet을 탐지하기 위해서 많은 메커니즘이 제안되었지만 6LoWPAN과 같은 IP 기반의 센서네트워크 상에서 Botnet의 유형이나 탐지법에 대해서는 제안된 메커니즘이 없었다. 본 논문에서는 6LoWPAN 환경에서 Botnet의 공격 유형과 탐지법을 제안하고 구현 사례를 설명한다.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.4
• /
• pp.81-90
• /
• 2014

As mobile devices have become widely used and developed, PC based malwares can be moving towards mobile-based units. In particular, mobile Botnet reuses powerful malicious behavior of PC-based Botnet or add new malicious techniques. Different from existing PC-based Botnet detection schemes, mobile Botnet detection schemes are generally host-based. It is because mobile Botnet has various attack vectors and it is difficult to inspect all the attack vector at the same time. In this paper, to overcome limitations of host-based scheme, we compare two network-based schemes which detect mobile Botnet by applying HMM and SVM techniques. Through the verification analysis under real Botnet attacks, we present detection rates and detection properties of two schemes.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.3
• /
• pp.69-79
• /
• 2017

In this paper, we propose our four-phase life cycle of P2P botnet with corresponding detection methods and the future direction for more effective P2P botnet detection. Our proposals are based on the intensive analysis that compares existing P2P botnet detection schemes in different points of view such as life cycle of P2P botnet, machine learning methods for data mining based detection, composition of data sets, and performance matrix. Our proposed life cycle model composed of linear sequence stages suggests to utilize features in the vulnerable phase rather than the entire life cycle. In addition, we suggest the hybrid detection scheme with data mining based method and our proposed life cycle, and present the improved composition of experimental data sets through analysing the limitations of previous works.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.12
• /
• pp.123-132
• /
• 2021

Malicious activities of Botnets are responsible for huge financial losses to Internet Service Providers, companies, governments and even home users. In this paper, we try to confirm the possibility of detecting botnet traffic by applying the deep learning model Convolutional Neural Network (CNN) using the CTU-13 botnet traffic dataset. In particular, we classify three classes, such as the C&C traffic between bots and C&C servers to detect C&C servers, traffic generated by bots other than C&C communication to detect bots, and normal traffic. Performance metrics were presented by accuracy, precision, recall, and F1 score on classifying both known and unknown botnet traffic. Moreover, we propose a stackable botnet detection system that can load modules for each botnet type considering scalability and operability on the real field.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.1
• /
• pp.47-55
• /
• 2009

Bot is a kind of worm/virus that is remotely controlled by a herder. Bot can be used to launch distributed denial-of-service(DDoS) attacks or send spam e-mails etc. Launching cyber attacks using malicious Bots is motivated by increased monetary gain which is not the objective of worm/virus. However, it is very difficult for infected user to detect this infection of Botnet which becomes more serious problems. This is why botnet is a dangerous, malicious program. The Bot DNS Sinkhole is a domestic bot mitigation scheme which will be proved in this paper as one of an efficient ways to prevent malicious activities caused by bots and command/control servers. In this paper, we analysis botnet activities over more than one-year period, including Bot's lifetime, Bot command/control server's characterizing. And we analysis more efficient ways to prevent botnet activities. We have showed that DNS sinkhole scheme is one of the most effective Bot mitigation schemes.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.744-748
• /
• 2012

Botnet is a network that consists of bot hosts infected by malware. The C&C server of centralized botnet, which is being used widely, is relatively easy to detect, while detecting P2P botnet is not a trivial problem because of the existence of many avoiding techniques. In this paper, we separate the network into inner and outer sub-network at the location of the router, and analyze the method of detecting botnet using path of packet and infection probability. We have extended Dye-Pumping algorithm in order to detect P2P botnet members more accurately, and we expect that the analysis of the results can be used as a basis of techniques that detect and block P2P botnet in the networks.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.127-134
• /
• 2022

Steganography is a hidden technique in which secret messages are hidden in various multimedia files, and it is widely exploited for cyber crime and attacks because it is very difficult for third parties other than senders and receivers to identify the presence of hidden information in communication messages. Botnet typically consists of botmasters, bots, and C&C (Command & Control) servers, and is a botmasters-controlled network with various structures such as centralized, distributed (P2P), and hybrid. Recently, in order to enhance the concealment of botnets, research on Stego Botnet, which uses SNS platforms instead of C&C servers and performs C&C communication by applying steganography techniques, has been actively conducted, but image or video media-oriented stego botnet techniques have been studied. On the other hand, audio files such as various sound sources and recording files are also actively shared on SNS, so research on stego botnet based on audio steganography is needed. Therefore, in this study, we present the results of comparative analysis on hidden capacity by file type and tool through experiments, using a stego botnet that performs C&C hidden communication using audio files as a cover medium in Telegram Messenger.