Botnets - PowerPoint PPT Presentation

Slides: 10
Provided by: U9

Title: Botnets


1
  • Botnets
  • A Multifaceted Approach to Understanding the
    Botnet Phenomenon (Rajab/Zarfoss/Monrose/Terzis)
  • Ryan Hannan
  • Rohit Bhat
  • Alan Mui
  • Irfan Siddiqui

2
Statistical Significance
  • What did they examine?
  • 800,000 DNS domains examined
  • 85,000 servers botnet-infected (11%)
  • 65 IRC server domain names
  • Is above data statistically significant?
  • Over 97,000,000 domain names exist
  • 73,500,000 .com domains (1% probed)

3
Statistical Significance
  • Ignored non-IRC based bots
  • 40% of bot traffic has been completely ignored
  • Only reviewed C&C (command and control) channels
  • Email, web, P2P, other methods were not examined

4
What was the focus of the testing?
  • Type I bots (17% of total analysis)
  • Type I bots are worm-like botnets that
    continuously scan
  • Type-II bots (83% of total analysis)
  • Type II bots are botnets with variable scanning
    behavior and only scan after receiving a
    command

5
What was the focus of the testing?
  • Type-I bots (17% of total analysis)
  • Type I bots are worm-like botnets that
    continuously scan
  • Type-II bots (83% of total analysis)
  • Type II bots are botnets with variable scanning
    behavior and only scan after receiving a
    command
  • Since most of the analysis was conducted on
    Type-II bots, how much traffic was missed while
    waiting for commands to be initiated?

6
Study Duration
  • Study lasted 3 months
  • Is this enough time to get an accurate set of
    sample data?
  • Do we know this 3-month stretch was indicative of
    normal traffic?
  • Do we know if anything happened during this
    3-month period that could account for
    exceptionally high or low amounts of traffic?

7
Tracking Inaccuracies?
Traffic changes frequently!
Consistent inconsistency?
Data from 4.6.08

8
Tracking Inaccuracies?
What if the tracking was done April–June? How
about Nov.–Jan.? Skewed Results?
Data from 4.6.08

9
How do they know what they saw?
  • Don't want to be found
  • Botmasters intentionally use stealth techniques
    to remain anonymous
  • Bots, like all technologies, are constantly
    changing and evolving with time; new evolutions
    could already exist that they were unaware of
  • Encryption is being used instead of passing
    commands as clear-text