ANALYSIS OF WEB-BASED BOT MALWARE INFECTION

1
ANALYSIS OF WEB-BASED BOT MALWARE INFECTION

• Louena L. Manluctao
• East Early College High School
• Houston Independent School District

• Dr. Guofei Gu
• Assistant Professor
• Department of Computer Science Engineering
• Director, SUCCESS LAB
• TEXAS A M University

2
Dr Guofei Gu

• EDUCATION
• Ph. D in Computer Science
• Georgia Institute of Technology
• M.S. in Computer Science
• Fudan University

3
Research interest

• Network and system security such as Internet
  malware detection, defense, and analysis
• Intrusion detection, anomaly detection
• Network security
• Web and social networking security

4
Success LAB

• Success Lab Students
• PhD 
• Seungwon Shin
• Chao Yang
• Zhaoyan Xu
• Jialong Zhang
• MS
• Robert Harkreader
• Shardul Vikram
• Vijayasenthil VC
• Lingfeng Chen
• Alumni
• Yimin Song (MS, first employment Juniper
  Networks)

5
Seungwon shin

• Network Web Security
• Botnet Analysis Conficker
• Seungwon Shin and Guofei Gu. "Conficker and
  Beyond A Large-Scale Empirical Study." To appear
  in Proceedings of 2010 Annual Computer Security
  Applications Conference (ACSAC'10), Austin,
  Texasi, December 2010.

6
Seungwon shin

• Network Web Security
• Botnet Analysis Conficker
• Seungwon Shin, Raymond Lin, Guofei Gu.
  "Cross-Analysis of Botnet Victims New Insights
  and Implications." To appear in Proceedings of
  the 14th International Symposium on Recent
  Advances in Intrusion Detection (RAID 2011),
  Menlo Park, California, September 2011.

7
chao yang

• Wireless Security
• Rogue Access Point Detection
• Yimin Song, Chao Yang, Guofei Gu. "Who Is Peeping
  at Your Passwords at Starbucks? -- To Catch an
  Evil Twin Access Point." In Proceedings of
  the 40th Annual IEEE/IFIP International
  Conference on Dependable Systems and Networks
  (DSN'10), Chicago, IL, June 2010

8
chao yang

• Social Networking Website Security
• Twitter Spammer Accounts Detection
• Chao Yang, Robert Harkreader, Guofei Gu. "Die
  Free or Live Hard? Empirical Evaluation and New
  Design for Fighting Evolving Twitter Spammers."
  To appear in Proceedings of the 14th
  International Symposium on Recent Advances in
  Intrusion Detection (RAID 2011), Menlo Park,
  California, September 2011.

9
Zhaoyan xu

• Malware Analysis
• Analysis of binary code and source code
• Dynamic Analysis
• Static Analysis
• Reverse Engineering
• Protocol
• Semanticis

10
Jialong Zhang

• Intrusion and Detection System
• Enterprise Network Security
• Assist Us with computer terms

11
Applied cryptography

• The art of secret writing
• Converts data into unintelligible (random
  looking) form
• Must be reversible (recover original data
• without loss or modification)

12
Encryption/Decryption

• Plaintext a message in its original form
• Ciphertext a message in the transformed,
  unrecognized form
• Encryption the process that transforms a
  plaintext into a ciphertext
• Decryption the process that transforms a
  ciphertext to the corresponding plaintext
• Key the value used to control encryption/decrypti
  on.

13
Probability and statisitics
14
Probability and statistics
15
Relevance of the research

• To Solve Practical Security Problems
• Internet malware detection, defense, and analysis
  
• Intrusion detection, anomaly detections
• Network security
• Web and social networking security
• To help society and country from threat of
  national security

16
Research activity
17
Purpose of botnet taxonomy

• Help researchers identify the type of responses
  that are most effective against botnets
• Design Goals
• assist the defenders in identifying possible
  types of botnets
• describe key properties of botnet classes

18
Key metrics for botnet structuresbotnet
effectiveness

• Estimate of overall utility. Measure the largest
  number of bots that can receive instructions and
  participate in an attack.
• Average amount of bandwidth that a bot can
  contribute, denoted by B.

19
Botnet efficiency

• Network diameter is one means of expressing this
  efficiency.
• This is the average geodesic length of a network.

20
Botnet robustness

• Clustering coefficient measures the average
  degree of local transitivity.
• The transitivity measure index generally
  captures the robustness of a botnet

21
Botnet network modelsErdos-Renyi random graph
models

• Random graphs are created to avoid creating
  predictable flows.
• In a random graph, each node is connected with
  equal probability to the other N-1 nodes.
• The chance that a bot has a degree of k is the
  binomial distribution

22
Acknowledgements
Texas AM University
Dr. Guofie Gu
National Science Foundation
Nuclear Power Institute
Chevron
Texas Workforce Commission
23
Wilber Rivas, Math Teacher, Del Rio High School
Chao Yang, Phd Student
Jialong Zhang, Phd Student