threat analysis of a cellular botnet regarding dos attacks
play

Threat analysis of a Cellular Botnet regarding DoS attacks - PowerPoint PPT Presentation

Aug 27, 2023 •98 likes •311 views

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Threat analysis of a Cellular Botnet regarding DoS attacks (Bedrohungsanalyse von Mobilfunk-Botnetzen im Hinblick auf DoS-Angriffe)

  1. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München Threat analysis of a Cellular Botnet regarding DoS attacks (Bedrohungsanalyse von Mobilfunk-Botnetzen im Hinblick auf DoS-Angriffe) Supervisor: Marc Fouquet, Alexander Klein Lucas Louca November 17, 2010 Wednesday, November 17, 2010

  2. Outline  Introduction/Motivation  Related Work  Analysis  Evaluation  Summary Threat analysis of a Cellular Botnet regarding DoS attacks 2 Wednesday, November 17, 2010

  3. Introduction and Motivation  More powerful and intelligent cell phones  Number of smartphone users increases  Cell phones have a constantly assigned IP Address  Cell phones allow short range communication with the use of Bluetooth Cell Cell  Increased risk of malware distribution through unauthorized drive by downloads  DoS attacks on cellular networks become possible through cellular botnets Botmaster Threat analysis of a Cellular Botnet regarding DoS attacks 3 Wednesday, November 17, 2010

  4. Introduction and Motivation What motivates a potential adversary?  Make services unavailable by saturating bandwidth just for fun  The adversary may be an unsatisfied employee  Financial reasons  Political reasons Threat analysis of a Cellular Botnet regarding DoS attacks 4 Wednesday, November 17, 2010

  5. Introduction and Motivation  Some considerations about the scenarios  Infected mobile devices should not produce constant control traffic in order to stay undetectable and save battery life  Attacks on the cells are launched through voice calls and only when a cell exhaustion is guaranteed in order to avoid unnecessary traffic  Create scenarios where nodes act totally autonomously  Decisions are made within ad-hoc like networks  Create scenarios where the botnet is controlled by a botmaster  Partially controlled by the botmaster  Fully controlled by the botmaster Threat analysis of a Cellular Botnet regarding DoS attacks 5 Wednesday, November 17, 2010

  6. Introduction and Motivation  Objective: Study the possibilities of potential attacks  Build up possible botnet control scenarios  Simulate a cellular botnet using the different control scenarios  Examine the test results  Determine the danger degree of possible attacks  Project the results of the simulations on a larger area 50 Random Walk Random Waypoint 45 Random Waypoint Hotspots 40 35 Number of Cell downs 30 25 20 15 10 5 2 4 6 8 10 12 14 Mean speed (m/s) Threat analysis of a Cellular Botnet regarding DoS attacks 6 Wednesday, November 17, 2010

  7. Related Work The Threat of Mobile Worms [Marc Fouquet, Elnaz Eghbali Afshar, and Georg Carle.] Bluetooth Worm Propagation: Mobility Pattern Matters! [Yan, Guanhua and Flores, Hector D. and Cuellar, Leticia and Hengartner, Nicolas and Eidenbenz, Stephan and Vu, Vincent .] On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core [Patrick Traynor] An Empirical Study on 3G Network Capacity and Performance [Wee Lum Tan, Fung Lam and Wing Cheong Lau.] Mobility Models for Ad hoc Network Simulation [Guevara Noubir Guolong Lin und Rajmohan Rajaraman] Threat analysis of a Cellular Botnet regarding DoS attacks 7 Wednesday, November 17, 2010

  8. Analysis - Scenarios  Coordinated attack through a Master Server (Central Controlled)  Produces a great amount of control traffic  Botmaster has a more granular view over his botnet  Cell exhaustion is guaranteed as long as the needed amount of nodes exist within a cell Threat analysis of a Cellular Botnet regarding DoS attacks 8 Wednesday, November 17, 2010

  9. Analysis - Scenarios  Ad-Hoc networks acting independent (Autonomous)  Produces no control traffic  Botmaster has no control over his botnet  Nodes must have a large density for an attack to be launched  Possible attack situations may get overlooked even if there are enough infected devices within a cell Threat analysis of a Cellular Botnet regarding DoS attacks 9 Wednesday, November 17, 2010

  10. Analysis - Scenarios  Coordinated attack through a Master Server (Hybrid)  Produces control traffic  Botmaster has partial control over his botnet  Cell exhaustion is guaranteed as long as the need amount of ad-hoc networks exist within a cell Threat analysis of a Cellular Botnet regarding DoS attacks 10 Wednesday, November 17, 2010

  11. Analysis - Node movement (Mobility Models)  Random Waypoint  Random speed  Random destinations  Random Waypoint with predefined hotspots  Random speed  Random destinations out of a pool of visit probability weighted locations  Random Walk  Random speed  Constant travel time  Random travel direction Threat analysis of a Cellular Botnet regarding DoS attacks 11 Wednesday, November 17, 2010

  12. Evaluation  Testing the attack rate based on:  Node’s threshold regarding Ad-Hoc size ( Autonomous & Hybrid)  Changing node speeds (All scenarios)  Botmaster’s threshold regarding nodes within a cell (Central Controlled & Hybrid)  Test parameter configuration  100 - 400 nodes  1000m × 1000m surface (4 cells)  500m cell range  maximum 52 simultaneous voice calls within a cell  Initial node speed 1 - 2 m/s Threat analysis of a Cellular Botnet regarding DoS attacks 12 Wednesday, November 17, 2010

  13. Evaluation - Test: Node’s speed  Scenario 1: Central Controlled  Random Walk prevails with 300 or more nodes  More than 400 nodes within the surface results in constant attack rates with all three mobility models 50 Random Walk Random Waypoint Random Waypoint Hotspots 45 40 35 Number of Cell downs 30 25 20 15 10 5 5 10 15 20 25 Mean speed (m/s) Threat analysis of a Cellular Botnet regarding DoS attacks 13 Wednesday, November 17, 2010

  14. Evaluation - Test: Node’s speed  Scenario 2 & 3: Autonomous & Hybrid  Random Walk hardly produces any attacks  Attack rate drops as mean speed increases 30 50 Random Walk Random Walk Random Waypoint Random Waypoint Random Waypoint Hotspots Random Waypoint Hotspots 45 25 40 35 20 Number of Cell downs Number of Cell downs 30 25 15 20 10 15 10 5 5 2 4 6 8 10 12 14 2 4 6 8 10 12 14 Mean speed (m/s) Mean speed (m/s) Autonomous Hybrid Threat analysis of a Cellular Botnet regarding DoS attacks 14 Wednesday, November 17, 2010

  15. Evaluation - Test: Node’s threshold  Scenario 2 & 3: Autonomous & Hybrid  Random Walk hardly produces any attacks  Attack rate drops radically as threshold increases  Random Waypoint using hotspots prevails in “Autonomous”  Attack rate using the “Autonomous” scenario is higher than with the “Hybrid” 60 30 Random Walk Random Walk Random Waypoint Random Waypoint Random Waypoint Hotspots Random Waypoint Hotspots 50 25 40 20 Number of Cell downs Number of Cell downs 30 15 20 10 10 5 0 0 50 100 150 200 250 300 350 400 50 100 150 200 250 300 350 400 Threshold(Nodes) Threshold(Nodes) Autonomous Hybrid Threat analysis of a Cellular Botnet regarding DoS attacks 15 Wednesday, November 17, 2010

  16. Evaluation - Test: Botmaster’s threshold  Scenario 1 & 3” Central Controlled & Hybrid  Random Walk hardly produces any attacks in “Hybrid”  Attack rate drops as threshold increases  Attack rate using “Central Controlled” is higher than in “Hybrid”  Attack rate in “Central Controlled” is about the same with all three mobility models 80 18 Random Walk Random Walk Random Waypoint Random Waypoint Random Waypoint Hotspots Random Waypoint Hotspots 16 70 14 60 12 Number of Cell downs Number of Cell downs 50 10 40 8 30 6 20 4 10 2 0 0 100 150 200 250 300 350 400 100 150 200 250 300 350 400 Threshold(Nodes) Threshold(Nodes) Central Controlled Hybrid Threat analysis of a Cellular Botnet regarding DoS attacks 16 Wednesday, November 17, 2010

  17. Evaluation - What about a larger area? How many cells can be taken down within a city with 1000 - 50 000 infected mobile devices?  Larger area representing Munich  Calculate a node distribution with Random Walk combined based on the user placement according to population density maps  Distribute cells within the city area based on real life data (Deutsche Telekom)  Set an hypothetical cell capacity for our cells based on the number of sectors  Place users within the city using the pre-calculated node distribution  Cell capacity in the center is larger than on the edges Threat analysis of a Cellular Botnet regarding DoS attacks 17 Wednesday, November 17, 2010

  18. Results  Nodes converge towards the center of the city  Number of cells taken down monotonically increases as amount of infected devices grows, especially in the center  Although people do not move according to Random Walk, attacks may be possible with “Central Controlled” scenario 300 250 200 Number of Cell downs 150 100 50 0 10000 15000 20000 25000 30000 35000 40000 45000 50000 Nodes Threat analysis of a Cellular Botnet regarding DoS attacks 18 Wednesday, November 17, 2010

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction to the problem Architecture of NAB A way to attest human-generated traffic Use of attestation to mitigate presented problems Results

418 views • 25 slides
MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet

MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet

MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet A Botnet is a software that is designed to perform simple automated and usually cyclical operations. Botnet management is performed remotely

507 views • 24 slides
Mirai Botnet: How IoT Botnets Performed Massive DDoS Attacks and Negatively Impacted Hundreds of

Mirai Botnet: How IoT Botnets Performed Massive DDoS Attacks and Negatively Impacted Hundreds of

Mirai Botnet: How IoT Botnets Performed Massive DDoS Attacks and Negatively Impacted Hundreds of Thousands of Internet Businesses and Millions of Users in October 2016 William Favre Slater, III, M.S. MBA, PMP, CISSP, CISA Sr. Cybersecurity

1.36k views • 53 slides
An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization Automatic Tracking and Activity Visualization marco riccardi Italian Chapter - The Honeynet Project marco cremonini

393 views • 36 slides
Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H.

Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H.

CS 598-PBG Presented by Ashish Vulimiri Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H. Balakrishnan, P . Maniatis, S. Ratnasamy Presented by: Ashish Vulimiri Images lifted from paper/authors NSDI09

560 views • 30 slides
Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

#RSAC SESSION ID: SESSION ID: HTA-W10 Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What this talk will cover? Brief overview of Mirai The cameras themselves Step by step from infection to attacks

962 views • 63 slides
Open Resolvers and the Threat of Reflection Attacks John Kristoff jtk@depaul.edu DPU CTI

Open Resolvers and the Threat of Reflection Attacks John Kristoff jtk@depaul.edu DPU CTI

Open Resolvers and the Threat of Reflection Attacks John Kristoff jtk@depaul.edu DPU CTI Networks Seminar jtk (jtk@depaul.edu) ORs and Attacks September 21, 2006 1 / 26 A Review of the DNS Lookup Process jtk (jtk@depaul.edu) ORs and

626 views • 26 slides
Dawn Song dawnsong@cs.berkeley.edu 1 What is a botnet? An army of compromised hosts

Dawn Song dawnsong@cs.berkeley.edu 1 What is a botnet? An army of compromised hosts

Botnet Analysis & Defense Dawn Song dawnsong@cs.berkeley.edu 1 What is a botnet? An army of compromised hosts (bots) coordinated via a command and control center (C&C). The perpetrator is usually called a botmaster.

409 views • 11 slides
Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks

Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks

Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks Author: Ralf-Philipp Weinmann University of Luxembourg WOOT, USENIX, 2012. Presenter: Hyuntae Kim Part 1. Introduction - GSM overview - MS-BTS

1.2k views • 42 slides
FRAMEWORK FOR BOTNET EMULATION AND ANALYSIS A Thesis Presented to The Academic Faculty by

FRAMEWORK FOR BOTNET EMULATION AND ANALYSIS A Thesis Presented to The Academic Faculty by

FRAMEWORK FOR BOTNET EMULATION AND ANALYSIS A Thesis Presented to The Academic Faculty by Christopher Patrick Lee In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Electrical and Computer

1.09k views • 106 slides
Assessing Targeted Attacks in Incident Response Threat Correlation Jan 2017

Assessing Targeted Attacks in Incident Response Threat Correlation Jan 2017

Assessing Targeted Attacks in Incident Response Threat Correlation Jan 2017 www.lookingglasscyber.com PRESENTER: Allan Thomson, CTO Dr Jamison Day, Principal Data Scientist 2017 LookingGlass Cyber Solutions Inc. 1 What threats are

344 views • 21 slides
BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Guofei Gu 1,2 , Roberto Perdisci 3 , Junjie Zhang 1 , and Wenke Lee 1 1 Georgia Tech 3 Damballa, Inc. 2 Texas A&M University 2008-7-31

549 views • 22 slides
Mining Threat-intelligence from Billion- scale SSH Brute-Force Attacks Yuming Wu 1 , Phuong M.

Mining Threat-intelligence from Billion- scale SSH Brute-Force Attacks Yuming Wu 1 , Phuong M.

Mining Threat-intelligence from Billion- scale SSH Brute-Force Attacks Yuming Wu 1 , Phuong M. Cao 1 , Alexander Withers 2 , Zbigniew T. Kalbarczyk 1 , Ravishankar K. Iyer 1 1 University of Illinois at Urbana-Champaign (UIUC) 2 National

421 views • 14 slides
Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey George Hughey Richard Roberts Dave Levin University of Maryland The Max Planck Institute + for Software Systems Rise of IoT Botnets

569 views • 52 slides
Embedded Malware An Analysis of the Chuck Norris Botnet P. eleda, R. Krej, J. Vykopal,

Embedded Malware An Analysis of the Chuck Norris Botnet P. eleda, R. Krej, J. Vykopal,

Embedded Malware An Analysis of the Chuck Norris Botnet P. eleda, R. Krej, J. Vykopal, M. Draar {celeda|vykopal|drasar}@ics.muni.cz, radek.krejci@mail.muni.cz The sixth European Conference on Computer Network Defense EC2ND

691 views • 50 slides
Welcome to Storm ! The Storm botnet Reachability check Overnet (UDP) The Storm botnet

Welcome to Storm ! The Storm botnet Reachability check Overnet (UDP) The Storm botnet

Welcome to Storm ! The Storm botnet Reachability check Overnet (UDP) The Storm botnet Botmaster Hosted infrastructure HTTP proxies HTTP Proxy Infected machines bots TCP Workers The Storm botnet Botmaster Hosted infrastructure HTTP

517 views • 31 slides
Unified bijective framework for planar maps Olivier Bernardi (Brandeis University) Joint work

Unified bijective framework for planar maps Olivier Bernardi (Brandeis University) Joint work

Unified bijective framework for planar maps Olivier Bernardi (Brandeis University) Joint work with Eric Fusy (CNRS/LIX) FPSAC, Paris 2013 Maps Definition: A map is a gluing of polygons (pairing of the edges) forming a connected surface

892 views • 70 slides
A cellular basis of the q-Brauer algebra Nguyen Tien Dung Vinh University 09 Sep, 2014 Dung

A cellular basis of the q-Brauer algebra Nguyen Tien Dung Vinh University 09 Sep, 2014 Dung

Vinh University A cellular basis of the q-Brauer algebra Nguyen Tien Dung Vinh University 09 Sep, 2014 Dung Nguyen Tien Vinh University Wenzl (2012) Version that contains H n ( q ) Fix N Z \ { 0 } , let q and r be invertible elements.

273 views • 12 slides
Cellular ANTomata: Principles and Progress Arnold L. Rosenberg Computer Science Northeastern

Cellular ANTomata: Principles and Progress Arnold L. Rosenberg Computer Science Northeastern

Cellular ANTomata: Principles and Progress Arnold L. Rosenberg Computer Science Northeastern University Boston, MA 02115, USA The Cellular ANTomaton Model The parallel component of the model : An n n cellular AUTomaton: the n n mesh

1.01k views • 65 slides
Pertussis preventable diseases vaccination an update Ute Hallbauer Department Paediatrics

Pertussis preventable diseases vaccination an update Ute Hallbauer Department Paediatrics

One of the most prevalent vaccine- Pertussis preventable diseases vaccination an update Ute Hallbauer Department Paediatrics and Child Health University of the Free State Pertussis Diagnosis The increasing incidence and the

571 views • 36 slides
Mobile Content Hosting Infrastructure in China: A View from a Cellular ISP Zhenyu Li Donghui Yang

Mobile Content Hosting Infrastructure in China: A View from a Cellular ISP Zhenyu Li Donghui Yang

Mobile Content Hosting Infrastructure in China: A View from a Cellular ISP Zhenyu Li Donghui Yang Zhenhua Li Chunjing Han Gaogang Xie Continuous increase of mobile data CISCO projected: the mobile data will increase 7-fold by 2021

470 views • 21 slides
Detecting Linkage in an n -Component Brunnian Link IMUS Mini-Course Session 1 Work in progress

Detecting Linkage in an n -Component Brunnian Link IMUS Mini-Course Session 1 Work in progress

Detecting Linkage in an n -Component Brunnian Link IMUS Mini-Course Session 1 Work in progress with H. Molina-Abril & B. Nimershiem Presented by Dr. Ron Umble Millersville U and IMUS 24 April 2018 Dr. Ron Umble (Millersville U and IMUS)

1.57k views • 130 slides
How Typical is "Typical"? Characterizing Deviations Using the Meta Distribution Martin

How Typical is "Typical"? Characterizing Deviations Using the Meta Distribution Martin

How Typical is "Typical"? Characterizing Deviations Using the Meta Distribution Martin Haenggi University of Notre Dame, IN, USA SpaSWiN 2017 Keynote May 19, 2017 Available at http://www.nd.edu/~mhaenggi/talks/spaswin17.pdf M.

950 views • 60 slides
P OLYHEDRAL PRODUCTS , DUALITY PROPERTIES , AND C OHEN M ACAULAY COMPLEXES Alex Suciu

P OLYHEDRAL PRODUCTS , DUALITY PROPERTIES , AND C OHEN M ACAULAY COMPLEXES Alex Suciu

P OLYHEDRAL PRODUCTS , DUALITY PROPERTIES , AND C OHEN M ACAULAY COMPLEXES Alex Suciu Northeastern University Special Session Geometry and Combinatorics of Cell Complexes Mathematical Congress of the Americas Montral, Canada July 28,

358 views • 22 slides

More recommend