Authors: Stanley Olumayowa Imadu, Braimoh Abdullahi Ikharo, Bello O. Lawal, Sunday Aigbiniode Lawani
Abstract: The Mirai botnet malware builds a botnet by compromising networked Internet of Things (IoT) devices such as cameras and digital video recorders. Individually, IoT devices have little processing power, but when a vast number of them are harnessed together it becomes feasible to launch a high-powered attack. Mirai variants are generated daily and continue to proliferate, inflicting damage through distributed denial-of-service (DDoS) attacks that maliciously attempt to disrupt a server or network by flooding the target infrastructure with excessive Internet traffic. That these variants still succeed with the same intrusion methods as the original malware is indicative of IoT device vendors' chronic neglect of even basic security practices. To understand how Mirai operates, we used the Build Your Own Botnet (BYOB) framework to simulate a botnet attack. The BYOB source code was set up and deployed in a controlled lab environment to simulate botnet-driven DDoS attacks against our IoT devices, which communicate over AMQP through a RabbitMQ server. During the simulation, memory usage rose from 682M/5.79G before the attack to 1.71G/5.79G during the attack. This indicates the system stress exerted on the IoT ecosystem by the bots of a Mirai-style botnet attack, which reduces the performance of the IoT devices and makes them unresponsive.
101
Authors: Lei Sun, Hong Mei Xing, Shu Yan Zhang
Abstract: The protection object of the data center is botnets that spread using the IRC (Internet Relay Chat) [2] protocol. However, in order to become more covert and more robust, the design architecture and communication methods of botnets are also constantly being upgraded and reinvented.
1411
Authors: Lei Sun, Hong Mei Xing, Shu Yan Zhang
Abstract: Honeynet-based private cloud technology has been applied to the data center in order to capture and analyze botnets that exist on the Internet.
1240
Authors: Wei Ming Li, Song Lin Xie, Jie Luo, Xiao Dong Zhu
Abstract: How to detect botnets has become a very important problem in network security. Existing detection methods based on network traffic and host behavior cannot handle emerging botnets. In this paper we present an optimized method that analyzes the similarity and time period of botnet behaviors, and it obtains effective results. Our method uses an IDS-like architecture in which six specific components detect six important abnormal botnet behaviors, and correlation rules combine their findings into a match score. The experiments described in the paper show that our method not only detects already known botnets precisely but also detects unknown botnets to some extent, and that it is effective and has some advantages over other methods. Finally, the paper proposes future directions and the points that need improvement.
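The match-score idea in the abstract above, as an added Python example that is not code from the paper: two small detectors, one for connections with a constant time period (low coefficient of variation of inter-arrival times) and one for groups of hosts whose flows to the same destination have near-identical sizes, each vote on a host, and assumed correlation weights turn the votes into a score. The flow records, detector thresholds, weights and reporting threshold are all constructed for the illustration; the paper's six components are not described in the abstract and are not reproduced here.

```python
"""Correlating per-host behaviour detectors into a match score (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (time_s, src, dst, dst_port, bytes).
# Hosts 10.0.0.1-3 beacon to 203.0.113.9:6667 every 60 s with ~200-byte
# flows; 10.0.0.4 is an ordinary web client with irregular traffic.
FLOWS = []
for i in range(5):
    for src, nbytes in (("10.0.0.1", 200), ("10.0.0.2", 203), ("10.0.0.3", 199)):
        FLOWS.append((i * 60.0, src, "203.0.113.9", 6667, nbytes))
FLOWS += [
    (3.0, "10.0.0.4", "198.51.100.7", 443, 1450),
    (47.0, "10.0.0.4", "198.51.100.8", 443, 9800),
    (51.5, "10.0.0.4", "198.51.100.7", 443, 620),
    (190.0, "10.0.0.4", "198.51.100.9", 80, 3100),
]


def periodic_hosts(flows, min_flows=4, max_cv=0.1):
    """Detector 1 (time period): sources whose inter-arrival times to one
    (dst, port) are nearly constant, i.e. coefficient of variation <= max_cv."""
    per_key = defaultdict(list)
    for t, src, dst, port, _ in flows:
        per_key[(src, dst, port)].append(t)
    hits = set()
    for (src, _dst, _port), times in per_key.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            hits.add(src)
    return hits


def similar_groups(flows, min_hosts=3, max_spread=0.05):
    """Detector 2 (similarity): at least min_hosts distinct sources contact the
    same (dst, port) with mean flow sizes within max_spread of each other."""
    per_dst = defaultdict(lambda: defaultdict(list))
    for _, src, dst, port, nbytes in flows:
        per_dst[(dst, port)][src].append(nbytes)
    hits = set()
    for _key, by_src in per_dst.items():
        if len(by_src) < min_hosts:
            continue
        means = {s: mean(v) for s, v in by_src.items()}
        lo, hi = min(means.values()), max(means.values())
        if lo > 0 and (hi - lo) / lo <= max_spread:
            hits.update(means)
    return hits


# Correlation rules (assumed weights): each triggered detector adds points to
# the host; the host is reported once its match score reaches THRESHOLD.
WEIGHTS = {"periodic": 6, "similar": 5}
THRESHOLD = 10


def match_scores(flows):
    """Return {host: score} for every host that triggered at least one detector."""
    scores = defaultdict(int)
    for host in periodic_hosts(flows):
        scores[host] += WEIGHTS["periodic"]
    for host in similar_groups(flows):
        scores[host] += WEIGHTS["similar"]
    return dict(scores)


def suspected_bots(flows, threshold=THRESHOLD):
    """Hosts whose correlated score reaches the threshold, sorted for stable output."""
    return sorted(h for h, s in match_scores(flows).items() if s >= threshold)


if __name__ == "__main__":
    print(match_scores(FLOWS))
    print(suspected_bots(FLOWS))
```

With this threshold a single detector (6 or 5 points) is not enough on its own; a host is reported only when both the periodic and the similarity rule agree, which is the kind of correlation that keeps a lone periodic client (an NTP or update check, say) out of the report.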
1512
Abstract: As an effective platform for network attacks, the botnet poses one of the most serious threats. In this paper, botnets are categorized into three classes based on network structure: centralized botnets, distributed (P2P) botnets and hybrid botnets. The paper divides botnet defense techniques into three fields, detection, measurement and restraint, analyzes each field in detail, and discusses which defense technique is suitable for which kind of botnet.
1665
Authors: Ruei Min Jiang, Jia Sian Jhang, Fu Hau Hsu, Yan Ling Hwang, Pei Wen Huang, Yung-Hoh Sheu
Abstract: As mobile devices become more and more popular, smartphone security has become an important issue. This paper proposes an Android-based botnet, called JokerBot, to show the possible security problems in mobile devices, and describes the JokerBot framework. JokerBot designs its own communication mechanism to allow different bots to communicate with each other. An attacker can use JokerBot to trigger many kinds of potential attacks, such as monitoring SMS messages and disclosing the device's location. Moreover, after a bot is created on a compromised smartphone, it is difficult to locate the botmaster and to detect whether the smartphone is infected. Finally, this paper proposes some defense mechanisms to protect a smartphone against JokerBot attacks.
3454
Authors: S. Benson Edwin Raj, V.S. Jayanthi, R. Shalini
Abstract: Botnets are growing in size, number and impact, and they remain one of the top three web threats mankind has ever known. Botnets are the souped-up cyber engines driving nearly all criminal commerce on the Internet and are seen relaying millions of pieces of junk e-mail, or spam. Thus, the need of the hour is the early detection and identification of the heart of network packet flooding, the C&C centre. Most botmasters perform DDoS attacks on a target server by spoofing the source IP address. Existing botnet detection techniques rely on machine learning algorithms and do not address the IP spoofing issue; these approaches are also unsuccessful in the precise identification of the botmasters. Here we propose an architecture that depends on PSO-based IP traceback. Our architecture also introduces an IP spoofing detector unit to ensure that the traceback moves in the right direction. The approach also detects the zombies and uses the PSO optimization technique to aid in the identification of the C&C node. The experimental results show that our approach succeeds in the prompt detection of the bots.
4469
Authors: Ci Bin Jiang, Jung Shian Li
Abstract: In recent years, IP flow identification for botnet detection has attracted attention in network security. IP flows associated with bot masters can be used to trace the botnet source. Most botnets are involved in a large number of IP-based attacks. This paper explores the correlations between attack behaviors and IP flows. Through data collection, sets of inference-rule functions and data-format conversion, it identifies botnet attacks from IP flows and inference patterns. IP flow-based intrusion detection can efficiently find correlations in alert data.
1211
Authors: Jian Gao, Kang Feng Zheng, Yi Xian Yang, Xin Xin Niu
Abstract: This paper applies the segmentation of peer-to-peer networks to the defense against P2P-based botnets, in order to cause the greatest damage to the botnet's P2P network. Many papers have researched how to find the key nodes in P2P networks. To solve this problem, this paper proposes a distributed detection algorithm, NEI, and a centralized detection algorithm, COR, for detecting cut vertices. The NEI algorithm applies to detecting cut vertices not only in directed graphs but also in undirected graphs, and the COR algorithm reduces the additional communication. The paper then simulates a P2P botnet, and the simulation results show that the maximum damage to the botnet is achieved by destroying its key nodes.
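The "key node equals cut vertex" idea in the abstract above, as an added Python example that is not the paper's NEI or COR algorithm: it finds the cut vertices (articulation points) of a small undirected P2P overlay with the standard depth-first-search low-link method, then measures the damage of deleting a node by the number and size of the components left behind. The overlay graph is constructed for the illustration; the paper's own simulation topology is not given in the abstract.

```python
"""Cut vertices of a P2P overlay and the damage of removing them (added example)."""
from collections import defaultdict

# Constructed overlay: two peer clusters (a* and b*) joined only through a
# relay peer h. Edges are undirected.
EDGES = [
    ("a1", "a2"), ("a2", "a3"), ("a3", "a1"), ("a1", "a4"), ("a4", "a2"),
    ("h", "a1"), ("h", "b1"),
    ("b1", "b2"), ("b2", "b3"), ("b3", "b1"), ("b3", "b4"),
]


def build_graph(edges):
    """Adjacency sets for an undirected graph."""
    graph = defaultdict(set)
    for u, v in edges:
        graph[u].add(v)
        graph[v].add(u)
    return dict(graph)


GRAPH = build_graph(EDGES)


def cut_vertices(graph):
    """Articulation points via DFS discovery times and low-links (Tarjan).
    A non-root u is a cut vertex if some DFS child v has low[v] >= disc[u];
    the root is a cut vertex if it has more than one DFS child."""
    disc, low, result = {}, {}, set()
    clock = [0]

    def dfs(u, parent):
        disc[u] = low[u] = clock[0]
        clock[0] += 1
        children = 0
        for v in graph[u]:
            if v not in disc:
                children += 1
                dfs(v, u)
                low[u] = min(low[u], low[v])
                if parent is not None and low[v] >= disc[u]:
                    result.add(u)
            elif v != parent:
                low[u] = min(low[u], disc[v])
        if parent is None and children > 1:
            result.add(u)

    for start in graph:
        if start not in disc:
            dfs(start, None)
    return result


def damage(graph, removed):
    """(number of components, size of the largest component) after deleting
    the nodes in `removed`; a smaller largest component means more damage."""
    remaining = set(graph) - set(removed)
    seen, sizes = set(), []
    for start in remaining:
        if start in seen:
            continue
        stack, size = [start], 0
        seen.add(start)
        while stack:
            u = stack.pop()
            size += 1
            for v in graph[u]:
                if v in remaining and v not in seen:
                    seen.add(v)
                    stack.append(v)
        sizes.append(size)
    return len(sizes), max(sizes, default=0)


def best_single_target(graph):
    """Among the cut vertices, the one whose removal leaves the smallest
    largest component (ties broken by name for stable output)."""
    candidates = sorted(cut_vertices(graph))
    return min(candidates, key=lambda n: (damage(graph, {n})[1], n)), damage(
        graph, {candidates and best_by_size(graph, candidates)}
    )[1]


def best_by_size(graph, candidates):
    return min(candidates, key=lambda n: (damage(graph, {n})[1], n))


if __name__ == "__main__":
    print("cut vertices:", sorted(cut_vertices(GRAPH)))
    for node in sorted(GRAPH):
        print(node, damage(GRAPH, {node}))
    print("best single target:", best_single_target(GRAPH))
```

Removing the relay h splits the overlay into two equal halves, while removing a well-connected but non-cut peer such as a2 leaves the botnet fully connected; degree alone would not have ranked h first, which is the point the abstract makes about key nodes.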
386
Authors: Chun Yong Yin, Ali A. Ghorbani, Ru Xia Sun
Abstract: Recognized as one of the most serious security threats to the current Internet infrastructure, botnets, with their low resource requirements, have developed rapidly. How to detect botnets has become a major topic of current research. Based on existing research results, this paper proposes a new detection strategy that addresses the efficiency of unknown botnet detection through the behavioral characteristics of botnets. The core idea is to separate the static characteristics from the dynamic behavior of a botnet, optimize the parameters of the dynamic behavior, and change passive defense into active defense. According to the attacker's behavior, the strategy can optimize its behavior parameters. The proposed approach is general and extensible, which fundamentally strengthens defense against unknown botnets.
236