• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1497-1499
• /
• 2009

최근 들어 스팸 메일, 키 로깅, DDoS와 같은 공격에 Botnet이 사용되고 있다. Botnet은 크래커에 의해 명령, 제어되는 Bot에 감염된 클라이언트로 이루어진 네트워크이다. 지금까지 유선망의 Botnet을 탐지하기 위한 많은 기법이 제안되었지만, 현재 많은 개발이 이루어지고 있는 6LoWPAN과 같은 무선 센서 네트워크상의 Botnet에 관한 연구와 그 대처방안은 전무한 상태이다. 본 논문에서는 6LoWPAN 환경에서 Botnet이 얼마나 위험할 수 있는지 살펴보고 이를 탐지하기 위한 메커니즘을 제안하고자 한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.111-114
• /
• 2019

최근 봇넷(Botnet)은 PC 뿐만 아니라 IoT 기기를 대상으로 확대되어 구축되고 있으며, 최신 기술들이 적용되면서 탐지와 방어가 어렵도록 구축되고 있다. 특히, 해커와 테러범 사이에서 많이 활용되는 정보 은닉 기술인 스테가노그래피(Steganography)가 적용된 Botnet(Stego-botnet)이 출현하였는데, 기존의 Botnet 형태와는 달리 SNS 환경을 Botnet 개체 사이의 통신 기반으로 활용하며 Steganography 기술로 통신 내용을 숨겨 탐지가 어렵기 때문에 그 위험성과 피해가 심각할 수 있다. 본 논문에서는 SNS 환경에서의 Steganography 기반 Botnet 구축 가능성을 조사하고, 실제로 카카오톡을 활용한 Steganography 기반 Botnet 통신 가능성을 실험한 후 결과를 제시하며, Steganography 기반 Botnet에 대한 탐지 및 역추적 방안을 간략히 제안한다.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.205-211
• /
• 2024

The increasing number of botnet attacks incorporating new evasion techniques making it infeasible to completely secure complex computer network system. The botnet infections are likely to be happen, the timely detection and response to these infections helps to stop attackers before any damage is done. The current practice in traditional IP networks require manual intervention to response to any detected malicious infection. This manual response process is more probable to delay and increase the risk of damage. To automate this manual process, this paper proposes to automatically select relevant countermeasures for detected botnet infection. The propose approach uses the concept of flow trace to detect botnet behavior patterns from current and historical network activity. The approach uses the multiclass machine learning based approach to detect and classify the botnet activity into IRC, HTTP, and P2P botnet. This classification helps to calculate the risk score of the detected botnet infection. The relevant countermeasures selected from available pool based on risk score of detected infection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.37-44
• /
• 2011

Recently malicious activities that is a DDoS, spam, propagation of malware, steeling person information, phishing on the Internet are related malicious botnet. To detect malicious botnet, Many researchers study a detection system for malicious botnet, but these applies specific protocol, action or attack based botnet. In this reason, we study a selection of measurement to detec malicious botnet in this paper. we collect a traffic of malicious botnet and analyze it for feature of network traffic. And we select a feature based measurement. we expect to help a detection of malicious botnet through this study.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.3
• /
• pp.704-719
• /
• 2024

Botnet pandemics are becoming more prevalent with the growing use of mobile phone technologies. Mobile phone technologies provide a wide range of applications, including entertainment, commerce, education, and finance. In addition, botnet refers to the collection of compromised devices managed by a botmaster and engaging with each other via a command server to initiate an attack including phishing email, ad-click fraud, blockchain, and much more. As the number of botnet attacks rises, detecting harmful activities is becoming more challenging in handheld devices. Therefore, it is crucial to evaluate mobile botnet assaults to find the security vulnerabilities that occur through coordinated command servers causing major financial and ethical harm. For this purpose, we propose a hybrid analysis approach that integrates permissions and API and experiments on the machine-learning classifiers to detect mobile botnet applications. In this paper, the experiment employed benign, botnet, and malware applications for validation of the performance and accuracy of classifiers. The results conclude that a classifier model based on a simple decision tree obtained 99% accuracy with a low 0.003 false-positive rate than other machine learning classifiers for botnet applications detection. As an outcome of this paper, a hybrid approach enhances the accuracy of mobile botnet detection as compared to static and dynamic features when both are taken separately.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.659-660
• /
• 2009

Botnet은 공격자의 명령을 받아 공격을 수행하는 Bot과 bot을 관리하는 서버(혹은 peer)로 이루어진 네트워크이다. 유선 네트워크 상에서 Botnet을 탐지하기 위해서 많은 메커니즘이 제안되었지만 6LoWPAN과 같은 IP 기반의 센서네트워크 상에서 Botnet의 유형이나 탐지법에 대해서는 제안된 메커니즘이 없었다. 본 논문에서는 6LoWPAN 환경에서 Botnet의 공격 유형과 탐지법을 제안하고 구현 사례를 설명한다.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.4
• /
• pp.81-90
• /
• 2014

As mobile devices have become widely used and developed, PC based malwares can be moving towards mobile-based units. In particular, mobile Botnet reuses powerful malicious behavior of PC-based Botnet or add new malicious techniques. Different from existing PC-based Botnet detection schemes, mobile Botnet detection schemes are generally host-based. It is because mobile Botnet has various attack vectors and it is difficult to inspect all the attack vector at the same time. In this paper, to overcome limitations of host-based scheme, we compare two network-based schemes which detect mobile Botnet by applying HMM and SVM techniques. Through the verification analysis under real Botnet attacks, we present detection rates and detection properties of two schemes.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.3
• /
• pp.69-79
• /
• 2017

In this paper, we propose our four-phase life cycle of P2P botnet with corresponding detection methods and the future direction for more effective P2P botnet detection. Our proposals are based on the intensive analysis that compares existing P2P botnet detection schemes in different points of view such as life cycle of P2P botnet, machine learning methods for data mining based detection, composition of data sets, and performance matrix. Our proposed life cycle model composed of linear sequence stages suggests to utilize features in the vulnerable phase rather than the entire life cycle. In addition, we suggest the hybrid detection scheme with data mining based method and our proposed life cycle, and present the improved composition of experimental data sets through analysing the limitations of previous works.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.12
• /
• pp.123-132
• /
• 2021

Malicious activities of Botnets are responsible for huge financial losses to Internet Service Providers, companies, governments and even home users. In this paper, we try to confirm the possibility of detecting botnet traffic by applying the deep learning model Convolutional Neural Network (CNN) using the CTU-13 botnet traffic dataset. In particular, we classify three classes, such as the C&C traffic between bots and C&C servers to detect C&C servers, traffic generated by bots other than C&C communication to detect bots, and normal traffic. Performance metrics were presented by accuracy, precision, recall, and F1 score on classifying both known and unknown botnet traffic. Moreover, we propose a stackable botnet detection system that can load modules for each botnet type considering scalability and operability on the real field.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.1
• /
• pp.47-55
• /
• 2009

Bot is a kind of worm/virus that is remotely controlled by a herder. Bot can be used to launch distributed denial-of-service(DDoS) attacks or send spam e-mails etc. Launching cyber attacks using malicious Bots is motivated by increased monetary gain which is not the objective of worm/virus. However, it is very difficult for infected user to detect this infection of Botnet which becomes more serious problems. This is why botnet is a dangerous, malicious program. The Bot DNS Sinkhole is a domestic bot mitigation scheme which will be proved in this paper as one of an efficient ways to prevent malicious activities caused by bots and command/control servers. In this paper, we analysis botnet activities over more than one-year period, including Bot's lifetime, Bot command/control server's characterizing. And we analysis more efficient ways to prevent botnet activities. We have showed that DNS sinkhole scheme is one of the most effective Bot mitigation schemes.