Detecting BOT Victim in Client Networks
ثبت نشده
چکیده
In this paper we discuss my research in detecting bot victim in client networks. Botnets are collections of Internet hosts (―bots‖) that, through malware infection, have fallen under the control of a single entity (―botmaster‖). Botnets perform network scanning for different reasons: propagation, enumeration, penetration. One common type of scanning, called ―horizontal scanning,‖ systematically probes the same protocol port across a given range of IP addresses, sometimes selecting random IP addresses as targets. To infect new hosts in order to recruit them as bots, some botnets, e.g., Conficker perform a horizontal scan continuously using self-propagating worm code that exploits a known system vulnerability. In this project, we focus on a different type of botnet scan—one performed under the explicit command and control of the botmaster, occurring over a well-delimited interval.
منابع مشابه
Detecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملWDA: A Web farm Distributed Denial Of Service attack attenuator
Distributed Denial Of Service (DDoS) attacks are familiar threats to Internet users for more than ten years. Such attacks are carried out by a “Bot net”, an army of zombie hosts spread around the Internet, that overwhelm the bandwidth toward their victim Web server, by sending traffic upon command. This paper introduces WDA, a novel architecture to attenuate the DDoS attacker’s bandwidth. WDA i...
متن کاملDetecting Long Connection Chains of Interactive Terminal Sessions
To elude detection and capture, hackers chain many computers together to attack the victim computer from a distance. This report proposes a new strategy for detecting suspicious remote sessions, used as part of a long connection chain. Interactive terminal sessions behave differently on long chains than on direct connections. The time gap between a client request and the server delayed acknowle...
متن کاملBotMosaic: Collaborative Network Watermark for Botnet Detection
Recent research has made great strides in the field of detecting botnets. However, botnets of all kinds continue to plague the Internet, as many ISPs and organizations do not deploy these techniques. We aim to mitigate this state by creating a very low-cost method of detecting infected bot host. Our approach is to leverage the botnet detection work carried out by some organizations to easily lo...
متن کامل