NGBPA Next Generation BotNet Protocol Analysis
نویسندگان
چکیده
The command & control (c&c) protocols of botnets are moving away from plaintext IRC communicationt towards encrypted and obfuscated protocols. In general, these protocols are proprietary. Therefore, standard network monitoring tools are not able to extract the commands from the collected traffic. However, if we want to monitor these new botnets, we need to know how their protocol decryption works. In this paper we present a novel approach in malware analysis for locating the encryption and decryption functions in botnet programs. This information can be used to extract these functions for c&c protocols. We illustrate the applicability of our approach by a sample from the Kraken botnet. Using our approach, we were able to identify the encryption routine within minutes. We then extracted the c&c protocol encryption and decryption. Both are presented in this paper.
منابع مشابه
The Next Generation Botnet Attacks And Defenses
A “botnet” is a network of compromised computers (bots) that are controlled by an attacker (botmasters). Botnets are one of the most serious threats to today’s Internet; they are the root cause of many current Internet attacks, such as email spam, distributed denial of service (DDoS) attacks , click fraud, etc. There have been many researches on how to detect, monitor, and defend against botnet...
متن کاملPeer-to-Peer Botnets: The Next Generation of Botnet Attacks
“Botnet” is a network of computers that are compromised and controlled by an attacker. Botnets are one of the most serious threats to today’s Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Without C&C servers, P2P botnets are more resilient to defense...
متن کاملA Closer Look at the HTTP and P2P Based Botnets from a Detector's Perspective
Botnets are one of the main aggressive threats against cybersecurity. To evade the detection systems, recent botnets use the most common communication protocols on the Internet to hide themselves in the legitimate users traffic. From this perspective, most recent botnets are HTTP based and/or Peer-to-Peer (P2P) systems. In this work, we investigate whether such structural differences have any i...
متن کاملBotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
متن کامل