• Title/Summary/Keyword: Botnets

Search Result 30, Processing Time 0.025 seconds

The Traffic Analysis of P2P-based Storm Botnet using Honeynet (허니넷을 이용한 P2P 기반 Storm 봇넷의 트래픽 분석)

  • Han, Kyoung-Soo;Lim, Kwang-Hyuk;Im, Eul-Gyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.51-61
    • /
    • 2009
  • Recently, the cyber-attacks using botnets are being increased, Because these attacks pursue the money, the criminal aspect is also being increased, There are spreading of spam mail, DDoS(Distributed Denial of Service) attacks, propagations of malicious codes and malwares, phishings. leaks of sensitive informations as cyber-attacks that used botnets. There are many studies about detection and mitigation techniques against centralized botnets, namely IRC and HITP botnets. However, P2P botnets are still in an early stage of their studies. In this paper, we analyzed the traffics of the Peacomm bot that is one of P2P-based storm bot by using honeynet which is utilized in active analysis of network attacks. As a result, we could see that the Peacomm bot sends a large number of UDP packets to the zombies in wide network through P2P. Furthermore, we could know that the Peacomm bot makes the scale of botnet maintained and extended through these results. We expect that these results are used as a basis of detection and mitigation techniques against P2P botnets.

Mobile Botnet Attacks - an Emerging Threat: Classification, Review and Open Issues

  • Karim, Ahmad;Ali Shah, Syed Adeel;Salleh, Rosli Bin;Arif, Muhammad;Noor, Rafidah Md;Shamshirband, Shahaboddin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.4
    • /
    • pp.1471-1492
    • /
    • 2015
  • The rapid development of smartphone technologies have resulted in the evolution of mobile botnets. The implications of botnets have inspired attention from the academia and the industry alike, which includes vendors, investors, hackers, and researcher community. Above all, the capability of botnets is uncovered through a wide range of malicious activities, such as distributed denial of service (DDoS), theft of business information, remote access, online or click fraud, phishing, malware distribution, spam emails, and building mobile devices for the illegitimate exchange of information and materials. In this study, we investigate mobile botnet attacks by exploring attack vectors and subsequently present a well-defined thematic taxonomy. By identifying the significant parameters from the taxonomy, we compared the effects of existing mobile botnets on commercial platforms as well as open source mobile operating system platforms. The parameters for review include mobile botnet architecture, platform, target audience, vulnerabilities or loopholes, operational impact, and detection approaches. In relation to our findings, research challenges are then presented in this domain.

A Smart Framework for Mobile Botnet Detection Using Static Analysis

  • Anwar, Shahid;Zolkipli, Mohamad Fadli;Mezhuyev, Vitaliy;Inayat, Zakira
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.6
    • /
    • pp.2591-2611
    • /
    • 2020
  • Botnets have become one of the most significant threats to Internet-connected smartphones. A botnet is a combination of infected devices communicating through a command server under the control of botmaster for malicious purposes. Nowadays, the number and variety of botnets attacks have increased drastically, especially on the Android platform. Severe network disruptions through massive coordinated attacks result in large financial and ethical losses. The increase in the number of botnet attacks brings the challenges for detection of harmful software. This study proposes a smart framework for mobile botnet detection using static analysis. This technique combines permissions, activities, broadcast receivers, background services, API and uses the machine-learning algorithm to detect mobile botnets applications. The prototype was implemented and used to validate the performance, accuracy, and scalability of the proposed framework by evaluating 3000 android applications. The obtained results show the proposed framework obtained 98.20% accuracy with a low 0.1140 false-positive rate.

Detection of Zombie PCs Based on Email Spam Analysis

  • Jeong, Hyun-Cheol;Kim, Huy-Kang;Lee, Sang-Jin;Kim, Eun-Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.5
    • /
    • pp.1445-1462
    • /
    • 2012
  • While botnets are used for various malicious activities, it is well known that they are widely used for email spam. Though the spam filtering systems currently in use block IPs that send email spam, simply blocking the IPs of zombie PCs participating in a botnet is not enough to prevent the spamming activities of the botnet because these IPs can easily be changed or manipulated. This IP blocking is also insufficient to prevent crimes other than spamming, as the botnet can be simultaneously used for multiple purposes. For this reason, we propose a system that detects botnets and zombie PCs based on email spam analysis. This study introduces the concept of "group pollution level" - the degree to which a certain spam group is suspected of being a botnet - and "IP pollution level" - the degree to which a certain IP in the spam group is suspected of being a zombie PC. Such concepts are applied in our system that detects botnets and zombie PCs by grouping spam mails based on the URL links or attachments contained, and by assessing the pollution level of each group and each IP address. For empirical testing, we used email spam data collected in an "email spam trap system" - Korea's national spam collection system. Our proposed system detected 203 botnets and 18,283 zombie PCs in a day and these zombie PCs sent about 70% of all the spam messages in our analysis. This shows the effectiveness of detecting zombie PCs by email spam analysis, and the possibility of a dramatic reduction in email spam by taking countermeasure against these botnets and zombie PCs.

DGA-based Botnet Detection Technology using N-gram (N-gram을 활용한 DGA 기반의 봇넷 탐지 방안)

  • Jung Il Ok;Shin Deok Ha;Kim Su Chul;Lee Rock Seok
    • Convergence Security Journal
    • /
    • v.22 no.5
    • /
    • pp.145-154
    • /
    • 2022
  • Recently, the widespread proliferation and high sophistication of botnets are having serious consequences not only for enterprises and users, but also for cyber warfare between countries. Therefore, research to detect botnets is steadily progressing. However, the DGA-based botnet has a high detection rate with the existing signature and statistics-based technology, but also has a high limit in the false positive rate. Therefore, in this paper, we propose a detection model using text-based n-gram to detect DGA-based botnets. Through the proposed model, the detection rate, which is the limit of the existing detection technology, can be increased and the false positive rate can also be minimized. Through experiments on large-scale domain datasets and normal domains used in various DGA botnets, it was confirmed that the performance was superior to that of the existing model. It was confirmed that the false positive rate of the proposed model is less than 2 to 4%, and the overall detection accuracy and F1 score are both 97.5%. As such, it is expected that the detection and response capabilities of DGA-based botnets will be improved through the model proposed in this paper.

Further Analyzing the Sybil Attack in Mitigating Peer-to-Peer Botnets

  • Wang, Tian-Zuo;Wang, Huai-Min;Liu, Bo;Ding, Bo;Zhang, Jing;Shi, Pei-Chang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.10
    • /
    • pp.2731-2749
    • /
    • 2012
  • Sybil attack has been proved effective in mitigating the P2P botnet, but the impacts of some important parameters were not studied, and no model to estimate the effectiveness was proposed. In this paper, taking Kademlia-based botnets as the example, the model which has the upper and lower bound to estimate the mitigating performance of the Sybil attack is proposed. Through simulation, how three important factors affect the performance of the Sybil attack is analyzed, which is proved consistent with the model. The simulation results not only confirm that for P2P botnets in large scale, the Sybil attack is an effective countermeasure, but also imply that the model can give suggestions for the deployment of Sybil nodes to get the ideal performance in mitigating the P2P botnet.

Network Session Analysis For BotNet Detection (봇넷 탐지를 위한 네트워크 세션 분석)

  • Park, Jong-Min
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.16 no.12
    • /
    • pp.2689-2694
    • /
    • 2012
  • In recent years, cyber crimes were intended to get financial benefits through malicious attempts such as DDoS attacks, stealing financial information and spam. Botnets, a network composed of large pool of infected hosts, lead such malicious attacks. The botnets have adopted several evasion techniques and variations. Therefore, it is difficult to detect and eliminate them. Current botnet solutions use a signature based detection mechanism. Furthermore, the solutions cannot cover broad areas enough to detect world-wide botnets. In this paper, we propose IRC (Internet Relay Chat) that is used to control the botnet communication in a session channel of IRC servers connected through the analysis of the relationship of the channel and the connection with the server bot-infected hosts and how to detect.

Cooperative Architecture for Centralized Botnet Detection and Management (협업 기반의 중앙집중형 봇넷 탐지 및 관제 시스템 설계)

  • Kwon, Jong-Hoon;Im, Chae-Tae;Choi, Hyun-Sang;Ji, Seung-Goo;Oh, Joo-Hyung;Jeong, Hyun-Cheol;Lee, Hee-Jo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.3
    • /
    • pp.83-93
    • /
    • 2009
  • In recent years, cyber crimes were intended to get financial benefits through malicious attempts such as DDoS attacks, stealing financial information and spamming. Botnets, a network composed of large pool of infected hosts, lead such malicious attacks. The botnets have adopted several evasion techniques and variations. Therefore, it is difficult to detect and eliminate them. Current botnet solutions use a signature based detection mechanism. Furthermore, the solutions cannot cover broad areas enough to detect world-wide botnets. In this study, we suggest an architecture to detect and regulate botnets using cooperative design which includes modules of gathering network traffics and sharing botnet information between ISPs or nations. Proposed architecture is effective to reveal evasive and world-wide botnets, because it does not depend on specific systems or hardwares, and has broadband cooperative framework.

A Research on Threats of Steganography-based Botnets constructed over the SNS Environment (SNS 환경에서의 Steganography 기반 Botnets 구축 가능성 조사 및 대응방안 연구)

  • Jeon, Jaewoo;Cho, Youngho
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2019.01a
    • /
    • pp.111-114
    • /
    • 2019
  • 최근 봇넷(Botnet)은 PC 뿐만 아니라 IoT 기기를 대상으로 확대되어 구축되고 있으며, 최신 기술들이 적용되면서 탐지와 방어가 어렵도록 구축되고 있다. 특히, 해커와 테러범 사이에서 많이 활용되는 정보 은닉 기술인 스테가노그래피(Steganography)가 적용된 Botnet(Stego-botnet)이 출현하였는데, 기존의 Botnet 형태와는 달리 SNS 환경을 Botnet 개체 사이의 통신 기반으로 활용하며 Steganography 기술로 통신 내용을 숨겨 탐지가 어렵기 때문에 그 위험성과 피해가 심각할 수 있다. 본 논문에서는 SNS 환경에서의 Steganography 기반 Botnet 구축 가능성을 조사하고, 실제로 카카오톡을 활용한 Steganography 기반 Botnet 통신 가능성을 실험한 후 결과를 제시하며, Steganography 기반 Botnet에 대한 탐지 및 역추적 방안을 간략히 제안한다.

  • PDF

A Study on Recent Approaches in Managing and Detection of DDoS Attacks

  • A. Anthony Paul Raj;J. K. Kani Mozhi
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.10
    • /
    • pp.159-163
    • /
    • 2024
  • In a system we use to share the data over the around the world. While sharing the data is to keep up the information confidentially. Attacker in the system may capture this privately data or distorted. So security is the principle piece of concern. There are a few security attacks in system. A standout among the most critical and modern day dangers is DDoS (Distributed disavowal of administrations) attacks. It gives an opportunity to an attacker to expand access to a huge number of computers by use their vulnerabilities to set up attacks systems or Botnets. The fundamental thought of this paper is to concentrate on modern day approaches managing and Detection of DDoS attacks