detection of peer to peer botnets
play

Detection of peer-to-peer botnets Matthew Steggink, Igor Idziejczak - PowerPoint PPT Presentation

Dec 01, 2022 •393 likes •570 views

Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection of peer-to-peer botnets Matthew Steggink, Igor Idziejczak February 6, 2008 1 / 17 Outline Introduction & theory

  1. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection of peer-to-peer botnets Matthew Steggink, Igor Idziejczak February 6, 2008 1 / 17

  2. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Introduction & theory Research question Peacomm case study Detection Conclusion & future work 2 / 17

  3. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Peer-to-peer botnets ◮ What are botnets . . . and peer-to-peer botnets? ◮ What’s the purpose of bots and botnets? 3 / 17

  4. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Botnet topology 4 / 17

  5. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Research question? in cooperation with SURFnet Detection of peer-to-peer botnets ◮ Why this research ◮ Goal of this research ◮ Previous work . . . 5 / 17

  6. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Peacomm Peacomm ◮ What is Peacomm ◮ DHT: Usage of the Overnet protocol 6 / 17

  7. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work How do users get infected? 7 / 17

  8. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Peacomm experimental setup ◮ Peer to peer botnet study ◮ Test environment ◮ Experimenting (CW Sandbox, PerilEyez, Rootkit Unhooker, Wireshark) 8 / 17

  9. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Infection ◮ Executable copy (noskrnl.exe) ◮ Time configuration ◮ Initial peer list (noskrnl.config) ◮ Creates a rule in the Windows Firewall ◮ Rootkit noskrnl.sys 9 / 17

  10. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Secondary injections ◮ Duplicate on the desktop ◮ Update malware through TCP connection ◮ Updates peer list and downloads spam message 10 / 17

  11. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Network analysis UDP ◮ Very noisy: 55 % ◮ Always same high numbered port (different on every host) ◮ Packet length (40-79): 98 %, in total: 51 % 11 / 17

  12. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Network analysis SMTP ◮ 5 % of total traffic → < 0,5% [1] ◮ 33 packets / second ipoque.com, Internet Study 2007 , August - September 2007 12 / 17

  13. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Network analysis MX queries ◮ 1 % of total traffic ◮ 4 packets / second → isolated case? ◮ Host MX queries are suspicious 13 / 17

  14. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection ◮ Protocol traffic ◮ SMTP ◮ MX queries ◮ Connection 14 / 17

  15. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection Figure: Comparison between all traffic (black), Peacomm traffic (red) and other traffic (blue) (generated with Wireshark) 15 / 17

  16. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Conclusion & future work ◮ Unique characteristics ◮ Hard to predict the future? ◮ Future Peacomm developments: less noisy, what now? ◮ New bots in the future: Agobot? 16 / 17

  17. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Questions? ◮ Matthew Steggink: matthew.steggink@os3.nl ◮ Igor Idziejczak: igor.idziejczak@os3.nl 17 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering University of Amsterdam Master thesis presentation, July 3 rd 2014 Supervisor: Pepijn Janssen RedSocks Botnets Large group of infected computers,

610 views • 23 slides
Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Peer-to-Peer Networking Facts Hostile environment - Legal situation - Egoistic

882 views • 57 slides
Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector Garcia-Molina Pure peer-to-peer systems are hard to scale Gnutella Look at hybrids between p2p and server-client Presented by Marco Barreno Servers

282 views • 6 slides
Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey George Hughey Richard Roberts Dave Levin University of Maryland The Max Planck Institute + for Software Systems Rise of IoT Botnets

569 views • 52 slides
THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK Introduction Types of nodes Message format Control messages Transaction propagation Block propagation THE PEER TO PEER

767 views • 38 slides
Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

5/7/08 Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing servers provide special services to clients clients request service from a server Pure peer-peer computing all systems have equivalent

586 views • 20 slides
Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different network architecture than client/server Each peer is both a client and a server Appropriate for applications that dont require a

353 views • 11 slides
NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction Shudong Jin Case Western Reserve University NEONet Workshop, March 1, 2006 Peer-to-Peer Streaming Peer-to-peer systems versus client/server systems

292 views • 15 slides
THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In peer-to-peer networks, all the operations Peer-to-peer networks Proof-of-work equally rely on each node in the system. Digital signature Registry

328 views • 18 slides
Economics of Peer-to-Peer Markets Jonathan Levin Stanford

Economics of Peer-to-Peer Markets Jonathan Levin Stanford

Economics of Peer-to-Peer Markets Jonathan Levin Stanford University Lear Conference July 25, 2015 1 Internet Marketplaces 2 On-Demand Services 3 Introduction Peer-to-peer

1.02k views • 25 slides
Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Introduction Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a decentralized manner Resource can be: computing, storage, bandwidth Function can be: computing, data sharing, D.

625 views • 6 slides
5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a

5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a

5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a good role model! She or he proudly represents the 6 pillars of character: Trustworthiness, Respect, Responsibility, Fairness, Caring, Citizenship A

258 views • 7 slides
P2P: Distributed Hash Tables Chord + Routing Geometries Nirvan Tyagi CS 6410 Fall16

P2P: Distributed Hash Tables Chord + Routing Geometries Nirvan Tyagi CS 6410 Fall16

P2P: Distributed Hash Tables Chord + Routing Geometries Nirvan Tyagi CS 6410 Fall16 Peer-to-peer (P2P) Peer-to-peer (P2P) Decentralized! Hard to coordinate with peers joining and leaving Peer-to-peer (P2P) Napster (1999) Peer-to-peer

869 views • 68 slides
Lets Put a Peer Worker on Campus! Keely Phillips, Self Help &amp; Peer Support OPDI

Lets Put a Peer Worker on Campus! Keely Phillips, Self Help &amp; Peer Support OPDI

Lets Put a Peer Worker on Campus! Keely Phillips, Self Help &amp; Peer Support OPDI Conference, October 2018 About Self Help &amp; Peer Support Peer Navigator Services at Conestoga College A full-time Peer Navigator will provide:

579 views • 16 slides
Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale

Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale

UNIVERSITY OF MODENA AND REGGIO EMILIA Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale Mirco Marchetti, Michele Messori and Michele Colajanni WebLab, University of Modena and Reggio Emilia, Italy

297 views • 19 slides
Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Literature Feldman, Chuang Overcoming Free-Riding Behavior in Peer-to-Peer Systems, 2005

449 views • 24 slides
$ Circumventing Forensic Live-acquisition Tools &gt; Rootkits for

$ Circumventing Forensic Live-acquisition Tools &gt; Rootkits for

$ Circumventing Forensic Live-acquisition Tools &gt; Rootkits for dubious defensive purposes &gt; Yonne de Bruijn (yonne.debruijn@os3.nl) Digital Forensics $ retrieve

304 views • 27 slides
Countering Kernel Rootkits with Lightweight Hook Protection Michal Sekletar College of

Countering Kernel Rootkits with Lightweight Hook Protection Michal Sekletar College of

Countering Kernel Rootkits with Lightweight Hook Protection Michal Sekletar College of Engineering and Computer Science Orlando, FL April 2, 2012 Michal Sekletar (University of Central Florida) April 2, 2012 1 / 14 Acknowledgment

177 views • 14 slides
-[ OS X Kernel Rootkits ]- Liar! Macs have no viruses! Who Am I Don't take me too

-[ OS X Kernel Rootkits ]- Liar! Macs have no viruses! Who Am I Don't take me too

-[ OS X Kernel Rootkits ]- Liar! Macs have no viruses! Who Am I Don't take me too seriously, I fuzz the Human brain! The capitalist &quot;pig&quot; degrees: Economics &amp; MBA. Worked for the evil banking system! Security

833 views • 80 slides
French Fuel Cycle Strategy and Transition Scenario Studies Frank Carr Jean-Michel Delbecq

French Fuel Cycle Strategy and Transition Scenario Studies Frank Carr Jean-Michel Delbecq

French Fuel Cycle Strategy and Transition Scenario Studies Frank Carr Jean-Michel Delbecq Outlook Outlook What are scenario studies? World scenario studies French scenario studies The French fuel cycle French strategy for

342 views • 33 slides
Vol., No., Article Title Authors Date Journal/Conference Name

Vol., No., Article Title Authors Date Journal/Conference Name

Vol., No., Article Title Authors Date Journal/Conference Name / Pages Vol. 2 , Password Memorability and Security A. Blackwell, R. Anderson, Sept.-Oct. 1 2020/06/01 Issue 5 , 25 - IEEE Security

342 views • 3 slides
What is all that crap? Analysis of DNS root server bogus queries Authors: Danil Snchez

What is all that crap? Analysis of DNS root server bogus queries Authors: Danil Snchez

RIPE Network Coordination Centre What is all that crap? Analysis of DNS root server bogus queries Authors: Danil Snchez &amp; Joost Pijnaker Education: System &amp; Network Engineering Supervisors: Cees de Laat (UvA) Daniel

959 views • 47 slides
Technology Neutrality, Technology Sovereignty and the Architect of Technology of 21st Century

Technology Neutrality, Technology Sovereignty and the Architect of Technology of 21st Century

Technology Neutrality, Technology Sovereignty and the Architect of Technology of 21st Century (High Level) Policy Dialogue Technology and Innovation Policy in the Age of Global Value Chain International Institute for Trade and Development

840 views • 22 slides
By growing in exports, we grow our ho.ME Nata a ukanovi CMO, Domain.Me 1000000

By growing in exports, we grow our ho.ME Nata a ukanovi CMO, Domain.Me 1000000

By growing in exports, we grow our ho.ME Nata a ukanovi CMO, Domain.Me 1000000 1200000 200000 400000 600000 800000 0 1/Apr/08 1/Jul/08 1/Oct/08 1/Jan/09 1/Apr/09 1/Jul/09 1/Oct/09 1/Jan/10 1/Apr/10 1/Jul/10 1/Oct/10

258 views • 25 slides

More recommend