
Post on 20-Dec-2014

A STUDY ON BOTNET ARCHITECTURE

Seminar Guide, SHIBU V.S, Asst. Professor

Mar Baselios College of Engg.

By, BINI B.S Mtech, CSE

MBCET


Overview

• Introduction
• How Botnet Works
• Botnet Life Cycle
• Botnet Architecture
  • Centralized Botnet Architecture
  • Peer to Peer Botnet Architecture (P2P)
  • Hybrid Botnet Architecture
  • Hyper Text Transfer Protocol with Peer to Peer (HttP2P) Botnet Architecture
• Self-healing System Architecture
• Conclusion
• References


Introduction

A BOTNET, or robot network, is the biggest network security threat faced by home users, organizations, and governments.

A “BOTNET” is a network of compromised computers (“bots”) connected to the Internet that is controlled by a remote attacker (“botmaster”).

Botnets are created by intelligent, up-to-date hackers.


Botnet Life Cycle

• Once a botnet infects a computer, the bot usually steals something such as personal information, authentication credentials, or credit card data.

• The machine then becomes part of the botnet, ready to perform designated malicious tasks.

• Common functions in most botnets include DDoS attacks, click fraud, spam, phishing, etc.

[Figure: Botnet Life Cycle]

Botnet Architecture

Different types of BOTNET architectures:

i. Centralized Botnet Architecture.
ii. Peer to Peer Botnet Architecture (P2P).
iii. Hybrid Botnet Architecture.
iv. Hyper Text Transfer Protocol with Peer to Peer Botnet Architecture.

I. Centralized Botnet Architecture

• Oldest and easiest architecture to manage and control botnets.

• All the zombie computers are supervised from a central point, which makes them easy to manage.

• The disadvantage: the entire botnet can be shut down if the defender captures the C&C server.

• Examples: AgoBot, SDBot, SpyBot, GTBot, etc.


II. Peer to Peer Botnet Architecture

• Used to remove the drawbacks of the centralized architecture.

• A P2P-based network is much harder to shut down.

• In this architecture a node can act as a client (soldier bot) as well as a server (supervisor bot), and there is no centralized point acting as a C&C server.

• Examples: Phatbot and Peacomm.
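The structural difference between the centralized and P2P designs is visible in flow metadata, which is what a defender triaging suspect hosts can measure. The sketch below is an added example, not part of the original slides: it scores a set of (initiator, responder) flow pairs for fan-in to a single endpoint versus hosts that both initiate and accept connections. The sample flows, function names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (initiator, responder); not captured traffic.
STAR_FLOWS = [(f"10.0.0.{i}", "203.0.113.10") for i in range(1, 9)]
MESH_FLOWS = [
    ("10.0.0.1", "10.0.0.2"), ("10.0.0.2", "10.0.0.3"),
    ("10.0.0.3", "10.0.0.1"), ("10.0.0.4", "10.0.0.2"),
    ("10.0.0.2", "10.0.0.4"), ("10.0.0.3", "10.0.0.4"),
]

def summarize_topology(flows):
    """Measure fan-in concentration and client/server role overlap."""
    initiators_of = defaultdict(set)  # responder -> distinct initiators
    initiated, responded = set(), set()
    for src, dst in flows:
        if src == dst:
            continue  # ignore self-connections
        initiators_of[dst].add(src)
        initiated.add(src)
        responded.add(dst)
    hosts = initiated | responded
    if not hosts:
        return {"hosts": 0, "top_hub": None, "hub_share": 0.0, "dual_role": []}
    # Busiest responder; sorted() makes tie-breaking deterministic.
    top_hub = max(sorted(initiators_of), key=lambda d: len(initiators_of[d]))
    return {
        "hosts": len(hosts),
        "top_hub": top_hub,
        # Fraction of the other hosts that initiate to the busiest responder.
        "hub_share": len(initiators_of[top_hub]) / max(len(hosts) - 1, 1),
        # Hosts seen both initiating and accepting connections.
        "dual_role": sorted(initiated & responded),
    }

def classify(flows, hub_min=0.8, dual_min=0.5):
    """Label a flow set; hub_min and dual_min are assumed triage thresholds."""
    s = summarize_topology(flows)
    if s["hosts"] == 0:
        return "inconclusive"
    dual_frac = len(s["dual_role"]) / s["hosts"]
    if s["hub_share"] >= hub_min and dual_frac < dual_min:
        return "centralized-like"
    if dual_frac >= dual_min:
        return "p2p-like"
    return "inconclusive"

if __name__ == "__main__":
    for name, flows in (("star", STAR_FLOWS), ("mesh", MESH_FLOWS)):
        print(name, classify(flows), summarize_topology(flows))
```

A shared proxy or DNS resolver produces the same star shape, so the label is a triage signal to apply only to flows toward destinations that are not already accounted for.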


III. Hybrid Botnet Architecture

• It is harder to shut down, monitor, and hijack.

• A botmaster could easily monitor the entire botnet by issuing a report command, and make it harder to detect bots.


IV. Hyper Text Transfer Protocol with Peer to Peer:

• The Supervisor-Bot enciphers the message.

• It continuously searches for a Soldier-Bot and, when one is found, delivers the message to it.

• The Soldier-Bot does not contact the Supervisor-Bot dynamically; rather, it waits for a call from its supervisor.


Self healing System Architecture

• Concept is inspired by the way organisms adapt to their environment by developing immunity against harmful viruses, bacteria and toxins.

• It is based on a study of two HTTP-based botnets, Zeus and BlackEnergy, and two P2P botnets, Waledac and Storm.


Self healing System Architecture (cont..)

• It enables networked systems to look continuously for any alteration of “normal behavior” and apply appropriate corrective actions.

• It can recognize when it is not operating correctly and, with little or no human intervention occurs.


V. Self healing System Architecture (cont..)

• It is optimized for a domain-controlled network that connects to a large geographic region.

• Its main application is as a defense-in-depth security solution for domain-controlled enterprise networks.

[Figure: Self-healing System Architecture]

Conclusion

• Botnets have a direct influence on the number of cybercrimes committed. We have to be well prepared for future botnets. It is an ongoing war between botnet attacks and defenses.


Reference

• [1] Ihsan Ullah, Naveed Khan, Hatim A. Aboalsamh, “SURVEY ON BOTNET: ITS ARCHITECTURE, DETECTION, PREVENTION AND MITIGATION”, 978-1-4673-5200-0/13/$31.00 © 2013 IEEE.

• [2] Bhagath Singh Jayaprakasam, “MODELING BOTNET IN PEER TO PEER SYSTEMS”, Apr 28, 2011.

• [3] Adeeb Alhomoud, Irfan Awan, Jules Ferdinand Pagna Disso, Muhammad Younas, “A Next-Generation Approach to Combating Botnets”, 0018-9162/13/$31.00 © 2013 IEEE.