A STUDY ON BOTNET ARCHITECTURE
Seminar Guide, SHIBU V.S, Asst. Professor
Mar Baselios College of Engg.
By, BINI B.S Mtech, CSE
MBCET
Overview
• Introduction
• How Botnet Works
• Botnet Life Cycle
• Botnet Architecture
  • Centralized Botnet Architecture.
  • Peer to Peer Botnet Architecture (P2P).
  • Hybrid Botnet Architecture.
  • Hyper Text Transfer Protocol with Peer to Peer (HttP2P) Botnet Architecture.
• Self-healing system Architecture.
• Conclusion
• References
Introduction
A BOTNET, or Robot Network, is the biggest network security threat faced by home users, organizations, and governments.
A “BOTNET” is a network of compromised computers (“bots”) connected to the Internet that is controlled by a remote attacker (“botmaster”).
Botnets are created by intelligent and up-to-date hackers.
Botnet Life Cycle
• Once a botnet infects a computer, the bot usually steals something such as personal information, authentication credentials or credit card data.
• The machine then becomes part of the botnet, ready to perform designated malicious tasks.
• Common functions in most botnets include DDoS attacks, click fraud, spam, phishing etc.
Botnet Architecture
Different types of BOTNET architectures:
i. Centralized Botnet Architecture.
ii. Peer to Peer Botnet Architecture (P2P).
iii. Hybrid Botnet Architecture.
iv. Hyper Text Transfer Protocol with Peer to Peer Botnet Architecture.
I. Centralized Botnet Architecture
• Oldest and easiest architecture to manage and control botnets.
• All the zombie computers are supervised from a central point, which makes them easy to manage.
• The disadvantage: the entire botnet can be shut down if the defender captures the C&C server.
• Examples: AgoBot, SDBot, SpyBot, GTBot etc.
II. Peer to Peer Botnet Architecture
• Used to remove the drawbacks of centralized architecture.
• A P2P-based network is much harder to shut down.
• In this architecture a node can act as a client (soldier bot) as well as a server (supervisor bot), and there is no centralized point acting as C&C server.
• Examples: Phatbot and Peacomm.
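
The takedown difference between the centralized and P2P architectures above can be checked with a small graph model. This is an added example, not part of the original slides; the ring-lattice peer layout, the 100-bot size and all function names are assumptions chosen for illustration.

```python
from collections import deque

def star(n_bots):
    """Centralized model: every bot has a single link, to the C&C node "cc"."""
    g = {"cc": set(range(n_bots))}
    g.update({i: {"cc"} for i in range(n_bots)})
    return g

def ring_lattice(n_bots, k):
    """P2P stand-in (assumed layout): each bot peers with k neighbours per side."""
    g = {i: set() for i in range(n_bots)}
    for i in range(n_bots):
        for d in range(1, k + 1):
            j = (i + d) % n_bots
            g[i].add(j)
            g[j].add(i)
    return g

def largest_component(g, removed):
    """Largest group of nodes that can still reach each other after removals."""
    removed, seen, best = set(removed), set(), 0
    for start in g:
        if start in removed or start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            node = queue.popleft()
            size += 1
            # Copying the peer set lets us extend `seen` while iterating.
            for peer in g[node] - removed - seen:
                seen.add(peer)
                queue.append(peer)
        best = max(best, size)
    return best

def takedown(g, count):
    """Seize the `count` best-connected nodes, then measure what is left."""
    targets = sorted(g, key=lambda n: len(g[n]), reverse=True)[:count]
    return largest_component(g, targets)

if __name__ == "__main__":
    print("centralized, C&C seized:", takedown(star(100), 1))
    print("P2P, 1 node seized:    ", takedown(ring_lattice(100, 3), 1))
    print("P2P, 5 nodes seized:   ", takedown(ring_lattice(100, 3), 5))
```

In this model, seizing the single hub leaves every bot isolated, while the peer mesh remains one connected group after one or even five nodes are removed.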
III. Hybrid Botnet Architecture
• It is harder to be shut down, monitored, and hijacked.
• A botmaster could easily monitor the entire botnet by issuing a report command, and make it harder to detect bots.
IV. Hyper Text Transfer Protocol with Peer to Peer:
• The Supervisor-Bot enciphers the message.
• It continuously searches for a Soldier-Bot and, when one is found, delivers the message to it.
• The Soldier-Bot does not dynamically contact the Supervisor-Bot; rather, it waits for a call from its supervisor.
Self healing System Architecture
• The concept is inspired by the way organisms adapt to their environment by developing immunity against harmful viruses, bacteria and toxins.
• It is based on a study of two HTTP-based botnets, Zeus and BlackEnergy, and two P2P botnets, Waledac and Storm.
• It enables networked systems to look continuously for any alteration of “normal behavior” and apply appropriate corrective actions.
• It can recognize when it is not operating correctly, with little or no human intervention.
• It is optimized for a domain-controlled network that connects to a large geographic region.
• It is mainly applied in defense-in-depth security solutions for domain-controlled enterprise networks.
Conclusion
• Botnets have a direct influence on the number of cybercrimes committed. We have to be well prepared for future botnets. It is an ongoing war between botnet attacks and defenses.