Protecting web 2.0 services from botnet exploitations


Author(s): Vo, Nguyen H.; Pieprzyk, Josef
Contributor(s)

O'Conner, Lisa

Date(s)

2010

Abstract

Recently, the botnet, a network of compromised computers, has been recognized as the biggest threat to the Internet. The bots in a botnet communicate with the botnet owner via a communication channel called the Command and Control (C & C) channel. There are three main C & C channels: Internet Relay Chat (IRC), Peer-to-Peer (P2P) and web-based protocols. By exploiting the flexibility of Web 2.0 technology, the web-based botnet has reached a new level of sophistication. In August 2009, such a botnet was found on Twitter, one of the most popular Web 2.0 services. In this paper, we will describe a new type of botnet that uses a Web 2.0 service as a C & C channel and as temporary storage for its stolen information. We will then propose a novel approach to thwart this type of attack. Our method applies a unique identifier of the computer, an encryption algorithm with session keys and a CAPTCHA verification.

Identifier

http://eprints.qut.edu.au/70115/

Publisher

IEEE

Relation

DOI:10.1109/CTC.2010.10

Vo, Nguyen H. & Pieprzyk, Josef (2010) Protecting web 2.0 services from botnet exploitations. In O'Conner, Lisa (Ed.) Proceedings of the Second Cybercrime and Trustworthy Computing Workshop, IEEE, Ballarat, Victoria, Australia, pp. 18-28.

Rights

Copyright © 2010 by The Institute of Electrical and Electronics Engineers, Inc.

All rights reserved. Copyright and Reprint Permissions: Abstracting is permitted with credit to the source. Libraries may photocopy beyond the limits of US copyright law, for private use of patrons, those articles in this volume that carry a code at the bottom of the first page, provided that the per-copy fee indicated in the code is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923. Other copying, reprint, or republication requests should be addressed to: IEEE Copyrights Manager, IEEE Service Center, 445 Hoes Lane, P.O. Box 133, Piscataway, NJ 08855-1331.

Source

School of Electrical Engineering & Computer Science; Science & Engineering Faculty

Keywords

#Botnet #Web 2.0 #Trojan 2.0 #API #MAC address #Communication channel #CAPTCHA

Type

Conference Paper