8 results for Botnet
Abstract:
Botnets are groups of computers infected with a specific sub-set of a malware family and controlled by one individual, called the botmaster. These networks are used, among other things, for virtual extortion, spam campaigns and identity theft. They implement different types of evasion techniques that make it harder to group and detect botnet traffic. This thesis introduces a methodology, called CONDENSER, that outputs clusters through a self-organizing map and identifies domain names generated from an unknown pseudo-random seed known only to the botnet herder(s). Additionally, DNS Crawler is proposed; this system stores historic DNS data for fast-flux and double fast-flux detection and is used to identify live C&C IPs used by real botnets. A program, called CHEWER, was developed to automate the calculation of the SVM parameters and features that perform best against the available domain names associated with DGAs. CONDENSER and DNS Crawler were developed with scalability in mind so that the detection of fast-flux and double fast-flux networks becomes faster. We used an SVM for the DGA classifier, selecting a total of 11 attributes and achieving a Precision of 77.9% and an F-Measure of 83.2%. The feature selection method identified the 3 most significant attributes of the total set of attributes. For clustering, a Self-Organizing Map was used on a total of 81 attributes. The conclusions of this thesis were accepted at Botconf through a submitted article. Botconf is a well-known conference for the research, mitigation and discovery of botnets, tailored to industry, where current work and research is presented. The conference is known for bringing together security and anti-virus companies, law enforcement agencies and researchers.
Abstract:
The purpose of this study is to use source material to determine what DoS and DDoS attacks are, how they can be exploited and what effects they have on a network. The study answers the following questions: what are DoS and DDoS attacks, what role do botnets play in DDoS attacks, what effects can be achieved with DoS and DDoS attacks, and what known DoS and DDoS attack models exist. The aim of the study is to increase the reader's technical understanding of denial-of-service attacks as one means of network attack. The source material used in the study consists largely of internet-based sources and public articles. The topic is current and evolves constantly with the technology, and the latest information about attacks is not always printed in books. In the sections dealing with the basic technical principles of the topic, literature sources have also been used as source material. The research method used is a qualitative literature review. Denial-of-service attacks are a current way of attacking different kinds of networks in a globalizing world. The goal of the attacks is to affect the target by paralyzing the target network for a defined or undefined period of time and thereby advance the motives the attacker pursues in carrying out the attack. There are countless technical models for carrying out an attack, but the numerous models exploiting different protocols are often very similar in their basic structure and recognizable. Denial-of-service attacks are a cost-effective and modern means of affecting a chosen target, for many different purposes.
Abstract:
By leveraging cloud services, companies and organizations can significantly improve their efficiency, as well as build novel business opportunities. Cloud computing offers various advantages to companies while also carrying some risks for them. The advantages offered by service providers are mostly about efficiency and reliability, while the risks of cloud computing are mostly about security problems. Security problems in the cloud still demand significant attention in order to tackle the potential problems. Security problems in the cloud, like security problems in any area of computing, cannot be fully tackled. However, novel solutions created by service providers can mitigate the potential threats to a large extent. Looking at the security problem from a very high level, there are two focus directions. On one side are security problems that threaten the service user's security and privacy. On the other side are security problems that threaten the service provider's security and privacy. Both kinds of threats should mostly be detected and mitigated by service providers. Looking a bit closer at the problem, mitigating security problems that target providers can protect both the service provider and the user. However, the focus of the research community is mostly on providing solutions to protect cloud users. A significant research effort has been put into protecting cloud tenants against external attacks. However, attacks that originate from elastic, on-demand and legitimate cloud resources should still be taken seriously. The cloud-based botnet, or botcloud, is one of the prevalent cases of cloud resource misuse. Unfortunately, some of the cloud's essential characteristics enable criminals to form reliable and low-cost botclouds in a short time. In this paper, we present a system that helps to detect distributed infected Virtual Machines (VMs) acting as elements of botclouds.
Based on a set of botnet-related system-level symptoms, our system groups VMs. Grouping VMs helps to separate infected VMs from others and narrows down the target group under inspection. Our system takes advantage of Virtual Machine Introspection (VMI) and data mining techniques.
Abstract:
The alerts our antivirus software sends us, or the various reports broadcast in the media, make us aware of the existence of threats in cyberspace. Whether it is spam, denial-of-service attacks or viruses, cyberspace is full of threats that persist despite the efforts deployed to fight them. Does this have to do with the effectiveness of the policies currently in place to combat this phenomenon? To answer this, the general objective of this thesis is to determine which prevention policies (anti-spam laws, public-private partnerships and botnet takedowns) most strongly influence the rate of detected computer threats, while also examining the effect of various socio-economic factors on this variable. Data collected by the antivirus software of the company ESET were used. The results suggest that public-private partnerships offering personalized assistance to internet users prove to be the most effective prevention policy. Botnet takedowns can also prove effective, but only when several important actors/servers of the network are taken out of action. The takedown of the Mariposa botnet is a good example. The results of this thesis suggest that the partnerships-takedowns formula would be the wisest choice for fighting cyber threats. These two prevention policies both have effective methods for fighting computer threats, which is why they should be combined to ensure a better defence against this phenomenon.
Abstract:
An E-Learning Gateway for the latest news and information relating to Computer Crime for INFO2009
Abstract:
Since the Morris worm was released in 1988, Internet worms have continued to be one of the top security threats. For example, the Conficker worm infected 9 to 15 million machines in early 2009 and shut down the services of some critical government and medical networks. Moreover, it constructed a massive peer-to-peer (P2P) botnet. Botnets are zombie networks controlled by attackers launching coordinated attacks. In recent years, botnets have become the number one threat to the Internet. The objective of this research is to characterize the spatial-temporal infection structures of Internet worms, and to apply the observations to study P2P-based botnets formed by worm infection. First, we infer temporal characteristics of the Internet worm infection structure, i.e., the host infection time and the worm infection sequence, and thus pinpoint patient zero or the initially infected hosts. Specifically, we apply statistical estimation techniques to Darknet observations. We show analytically and empirically that our proposed estimators can significantly improve the inference accuracy. Second, we reveal two key spatial characteristics of the Internet worm infection structure, i.e., the number of children and the generation of the underlying tree topology formed by worm infection. Specifically, we apply probabilistic modeling methods and a sequential growth model. We show analytically and empirically that the number of children asymptotically has a geometric distribution with parameter 0.5, and that the generation closely follows a Poisson distribution. Finally, we evaluate bot detection strategies and the effects of user defenses in P2P-based botnets formed by worm infection. Specifically, we apply the observations on the number of children and demonstrate analytically and empirically that targeted detection focusing on the nodes with the largest number of children is an efficient way to expose bots.
However, we also point out that future botnets may self-stop scanning to weaken targeted detection, without greatly slowing down the speed of worm infection. We then extend the worm spatial infection structure and show empirically that user defenses, e.g., patching or cleaning, can significantly reduce the robustness and the effectiveness of P2P-based botnets. As a counter-measure, we evaluate a simple step future botnets could take to enhance topology robustness through worm re-infection.
Abstract:
Botnets, which consist of thousands of compromised machines, pose a significant threat to other systems by launching Distributed Denial of Service attacks, keylogging, and backdoors. In response to this threat, new effective techniques are needed to detect the presence of botnets. In this paper, we have used an interception technique to monitor Windows Application Programming Interface system calls made by communication applications. Existing approaches to botnet detection are based on finding bot traffic patterns. Our approach does not depend on finding patterns but rather monitors the change of behaviour in the system. In addition, we present our idea of detecting botnets based on log correlation across different hosts.
Abstract:
The implementation of electronic voting in Colombia, a legal mandate originating in Law 892 of 2004 in development of Article 258 of the Political Constitution of Colombia, is the subject of this work, which provides a historical compendium of the evolution of voting in Colombia, goes on to establish the progress made in complying with what many call the “Ley de Voto Electrónico” (Electronic Voting Law), and reviews the activities carried out by the Electoral Organization, in particular by the Registraduría Nacional del Estado Civil, the government entity heading the process, where some tasks have been completed that were initially aimed at carrying out the pilot test that will allow experience to be gained for the implementation of this mechanism. Likewise, a description is given of the difficulties both in Colombia and in other countries of the world that have implemented electronic voting or are considering it. A fundamental aspect of the analysis is the studies made by both defenders and opponents of this voting mechanism, finding that it is defended and attacked with equal force and that there is no single position; perhaps the point of agreement is that it is a process requiring a high degree of trust from the actors involved, since that is what legitimizes it. The work closes with the conclusions, which account for the reality regarding the viability of implementing electronic voting in Colombia.