A Hierarchical Hybrid Structure for Botnet Control and Command
Zhiqi Zhang, Baochen Lu, Peng Liao, Chaoge Liu, Xiang Cui
Computer Science and Automation Engineering (CSAE), 2011 IEEE International Conference
Speaker: Yi-Ting Tsai
Date: 102.11.7
Outline
• Centralized Botnet
• P2P Botnet
• Hybrid P2P Botnet
• Hierarchical Hybrid Botnet
• Robustness Simulation
• Defense against the proposed Botnet
• Conclusion
Centralized Botnet
• Characteristics: rely on C&C servers
• Weakness: single point of failure
• Examples: AgoBot, SDBot, SpyBot
P2P Botnet
• Kademlia-based protocol
  • Example: Slapper botnet
  • Weaknesses: bootstrap failure, Sybil attack
• Random probing protocol
  • Example: Sinit botnet
  • Weaknesses: extensive abnormal traffic, Sybil attack
Hybrid P2P Botnet
• Servent bots (server + client): static global IP
• Slave bots (client): dynamic private IP
• Peer list: holds the IPs of servent bots
• Weaknesses:
  • Sybil attack
  • communication between clients
Hierarchical Hybrid Botnet (servent bots and slave bots)
Design goals:
1. Resolve the weaknesses of the hybrid P2P botnet: the Sybil attack and communication between clients
2. Difficult to be shut down
3. Keep the botnet under control
Advanced bootstrap process (claims: no detection, no hijacking, no Sybil attack)
• Peer list: entries of the form <IP, port>, each with a failure counter (0 failure, 1 failure, ..., N failure)
• A successful poll resets an entry's counter to 0 failure; a failed poll increments it (0 -> 1 -> 2 -> ... -> N-1 -> N); an entry that reaches N failures is deleted
• Random service port + data encryption
• Communication encryption: one-time padding, using public/private key pairs
• Command authentication: private-key signature, verified with the public key
Robustness Simulation
Definition: the probability that a botnet remains connected together after a fraction of bots are removed.
G = (V, E), V: bots, E: edges (connections between bots)
Simulation settings
• Servent bots: 25%
• Maximum size of botnets: 10000
• Peer list size: 20
• Tools: igraph library, Network Workbench
Peer list size and Robustness
• Servent bots: 25%
• Maximum size of botnets: 10000
• Bots removed (P) = 95%
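The robustness measure defined above (probability that the graph stays connected after a random fraction of nodes is removed) can be estimated with a small Monte Carlo simulation. The following is an added example, not code from the paper or the talk (which used igraph and Network Workbench). It assumes a simplified model of the hybrid structure: a fixed fraction of nodes are servents, every node's peer list holds `peer_list_size` distinct servents, and edges exist only between a node and the servents in its list. Node counts, fractions and the random seed are constructed parameters; the functions `build_hybrid_graph`, `is_connected` and `robustness` are hypothetical names chosen here. From a defender's side, the same computation estimates how large a takedown must be before the network fragments.

```python
import random
from collections import deque


def build_hybrid_graph(n, servent_fraction, peer_list_size, rng):
    """Assumed model: the first int(n * servent_fraction) nodes are servents;
    every node links to `peer_list_size` distinct servents (never itself).
    Returns an undirected adjacency dict {node: set(neighbours)}."""
    n_servent = max(1, int(n * servent_fraction))
    servents = list(range(n_servent))
    adj = {v: set() for v in range(n)}
    for v in range(n):
        candidates = [s for s in servents if s != v]
        for s in rng.sample(candidates, min(peer_list_size, len(candidates))):
            adj[v].add(s)
            adj[s].add(v)
    return adj


def is_connected(adj, alive):
    """BFS from one surviving node over surviving nodes only.
    True iff every surviving node is reachable (the paper's 'remains
    connected together'); an empty survivor set counts as disconnected."""
    alive = set(alive)
    if not alive:
        return False
    start = next(iter(alive))
    seen = {start}
    queue = deque([start])
    while queue:
        v = queue.popleft()
        for u in adj[v]:
            if u in alive and u not in seen:
                seen.add(u)
                queue.append(u)
    return len(seen) == len(alive)


def robustness(adj, removed_fraction, trials, rng):
    """Monte Carlo estimate of P(graph still connected) after removing a
    uniformly random `removed_fraction` of the nodes, averaged over `trials`."""
    nodes = list(adj)
    n_remove = int(round(removed_fraction * len(nodes)))
    connected = 0
    for _ in range(trials):
        removed = set(rng.sample(nodes, n_remove))
        alive = [v for v in nodes if v not in removed]
        if is_connected(adj, alive):
            connected += 1
    return connected / trials


if __name__ == "__main__":
    # Constructed settings: 25% servents as in the talk, a smaller botnet
    # (2000 instead of 10000) so the run finishes quickly, and a sweep over
    # peer list sizes at P = 95% removal, mirroring the slide above.
    rng = random.Random(42)
    for k in (5, 10, 20):
        g = build_hybrid_graph(2000, 0.25, k, rng)
        print(f"peer list size {k:2d}: robustness at P=95% ~ "
              f"{robustness(g, 0.95, 50, rng):.2f}")
```

Larger peer lists raise the minimum degree of the surviving subgraph, so the estimate grows with `k`; the estimate is noisy for small `trials`, and the exact numbers depend on the constructed seed and sizes rather than on the paper's own results.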
Defense against the proposed Botnet
• Host-based detection
  • Signature-based malware detection
  • Behavior-based detection
• Honeypot-based monitoring
Conclusion
• Hierarchical hybrid P2P botnet with an advanced peer list
• It can defend against Sybil attacks
• Weaknesses: very high complexity, very high latency