detection of peer to peer botnets
play

Detection of peer-to-peer botnets Matthew Steggink, Igor Idziejczak - PowerPoint PPT Presentation

Dec 01, 2022 •393 likes •570 views

Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection of peer-to-peer botnets Matthew Steggink, Igor Idziejczak February 6, 2008 1 / 17 Outline Introduction & theory

  1. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection of peer-to-peer botnets Matthew Steggink, Igor Idziejczak February 6, 2008 1 / 17

  2. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Introduction & theory Research question Peacomm case study Detection Conclusion & future work 2 / 17

  3. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Peer-to-peer botnets ◮ What are botnets . . . and peer-to-peer botnets? ◮ What’s the purpose of bots and botnets? 3 / 17

  4. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Botnet topology 4 / 17

  5. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Research question? in cooperation with SURFnet Detection of peer-to-peer botnets ◮ Why this research ◮ Goal of this research ◮ Previous work . . . 5 / 17

  6. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Peacomm Peacomm ◮ What is Peacomm ◮ DHT: Usage of the Overnet protocol 6 / 17

  7. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work How do users get infected? 7 / 17

  8. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Peacomm experimental setup ◮ Peer to peer botnet study ◮ Test environment ◮ Experimenting (CW Sandbox, PerilEyez, Rootkit Unhooker, Wireshark) 8 / 17

  9. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Infection ◮ Executable copy (noskrnl.exe) ◮ Time configuration ◮ Initial peer list (noskrnl.config) ◮ Creates a rule in the Windows Firewall ◮ Rootkit noskrnl.sys 9 / 17

  10. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Secondary injections ◮ Duplicate on the desktop ◮ Update malware through TCP connection ◮ Updates peer list and downloads spam message 10 / 17

  11. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Network analysis UDP ◮ Very noisy: 55 % ◮ Always same high numbered port (different on every host) ◮ Packet length (40-79): 98 %, in total: 51 % 11 / 17

  12. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Network analysis SMTP ◮ 5 % of total traffic → < 0,5% [1] ◮ 33 packets / second ipoque.com, Internet Study 2007 , August - September 2007 12 / 17

  13. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Network analysis MX queries ◮ 1 % of total traffic ◮ 4 packets / second → isolated case? ◮ Host MX queries are suspicious 13 / 17

  14. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection ◮ Protocol traffic ◮ SMTP ◮ MX queries ◮ Connection 14 / 17

  15. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Detection Figure: Comparison between all traffic (black), Peacomm traffic (red) and other traffic (blue) (generated with Wireshark) 15 / 17

  16. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Conclusion & future work ◮ Unique characteristics ◮ Hard to predict the future? ◮ Future Peacomm developments: less noisy, what now? ◮ New bots in the future: Agobot? 16 / 17

  17. Outline Introduction & theory Research question Peacomm case study Detection Conclusion & future work Questions? ◮ Matthew Steggink: matthew.steggink@os3.nl ◮ Igor Idziejczak: igor.idziejczak@os3.nl 17 / 17

Recommend

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering University of Amsterdam Master thesis presentation, July 3 rd 2014 Supervisor: Pepijn Janssen RedSocks Botnets Large group of infected computers,

610 views • 23 slides
Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Peer-to-Peer Networking Facts Hostile environment - Legal situation - Egoistic

882 views • 57 slides
Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector Garcia-Molina Pure peer-to-peer systems are hard to scale Gnutella Look at hybrids between p2p and server-client Presented by Marco Barreno Servers

282 views • 6 slides
Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet Stephen Herwig Katura Harvey George Hughey Richard Roberts Dave Levin University of Maryland The Max Planck Institute + for Software Systems Rise of IoT Botnets

569 views • 52 slides
THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK Introduction Types of nodes Message format Control messages Transaction propagation Block propagation THE PEER TO PEER

767 views • 38 slides
Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

5/7/08 Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing servers provide special services to clients clients request service from a server Pure peer-peer computing all systems have equivalent

586 views • 20 slides
Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different network architecture than client/server Each peer is both a client and a server Appropriate for applications that dont require a

353 views • 11 slides
NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction Shudong Jin Case Western Reserve University NEONet Workshop, March 1, 2006 Peer-to-Peer Streaming Peer-to-peer systems versus client/server systems

292 views • 15 slides
THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In peer-to-peer networks, all the operations Peer-to-peer networks Proof-of-work equally rely on each node in the system. Digital signature Registry

328 views • 18 slides
Economics of Peer-to-Peer Markets Jonathan Levin Stanford

Economics of Peer-to-Peer Markets Jonathan Levin Stanford

Economics of Peer-to-Peer Markets Jonathan Levin Stanford University Lear Conference July 25, 2015 1 Internet Marketplaces 2 On-Demand Services 3 Introduction Peer-to-peer

1.02k views • 25 slides
Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Introduction Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a decentralized manner Resource can be: computing, storage, bandwidth Function can be: computing, data sharing, D.

625 views • 6 slides
5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a

5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a

5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a good role model! She or he proudly represents the 6 pillars of character: Trustworthiness, Respect, Responsibility, Fairness, Caring, Citizenship A

258 views • 7 slides
P2P: Distributed Hash Tables Chord + Routing Geometries Nirvan Tyagi CS 6410 Fall16

P2P: Distributed Hash Tables Chord + Routing Geometries Nirvan Tyagi CS 6410 Fall16

P2P: Distributed Hash Tables Chord + Routing Geometries Nirvan Tyagi CS 6410 Fall16 Peer-to-peer (P2P) Peer-to-peer (P2P) Decentralized! Hard to coordinate with peers joining and leaving Peer-to-peer (P2P) Napster (1999) Peer-to-peer

869 views • 68 slides
Lets Put a Peer Worker on Campus! Keely Phillips, Self Help &amp; Peer Support OPDI

Lets Put a Peer Worker on Campus! Keely Phillips, Self Help &amp; Peer Support OPDI

Lets Put a Peer Worker on Campus! Keely Phillips, Self Help &amp; Peer Support OPDI Conference, October 2018 About Self Help &amp; Peer Support Peer Navigator Services at Conestoga College A full-time Peer Navigator will provide:

579 views • 16 slides
Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale

Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale

UNIVERSITY OF MODENA AND REGGIO EMILIA Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale Mirco Marchetti, Michele Messori and Michele Colajanni WebLab, University of Modena and Reggio Emilia, Italy

297 views • 19 slides
Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Literature Feldman, Chuang Overcoming Free-Riding Behavior in Peer-to-Peer Systems, 2005

449 views • 24 slides
Chor d: A Scalable Peer-t o-peer Lookup Chor d: A Scalable Peer-t o-peer Lookup Ser vice f or I

Chor d: A Scalable Peer-t o-peer Lookup Chor d: A Scalable Peer-t o-peer Lookup Ser vice f or I

Chor d: A Scalable Peer-t o-peer Lookup Chor d: A Scalable Peer-t o-peer Lookup Ser vice f or I nt er net Applicat ions Ser vice f or I nt er net Applicat ions Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan

533 views • 30 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Free-Net Ian Clarke, Oskar Sandberg, Brandon Wiley, Theodore Hong, 2000 Goal - peer-to-peer network -

746 views • 36 slides
Peer to Peer Learning &amp; Support Aims and Objectives of this Workshop Workshop 3: Peer to

Peer to Peer Learning &amp; Support Aims and Objectives of this Workshop Workshop 3: Peer to

Peer to Peer Learning &amp; Support Aims and Objectives of this Workshop Workshop 3: Peer to Peer Learning &amp; Support is designed to encourage peer to peer support, learning and development and sharing best practice amongst the

495 views • 11 slides
Outline What is the proposed e-Science Desktop Peer and why. P2P-DVM, a prototype of

Outline What is the proposed e-Science Desktop Peer and why. P2P-DVM, a prototype of

Realizing the e-Science Desktop Peer Using a Peer-to-Peer Distributed Virtual Machine Middleware. Lei Ni, Aaron Harwood and Peter J. Stuckey NICTA Victoria Labs, Australia, Department of Computer Science and Software Engineering, The

459 views • 12 slides
Understanding Peer-to-Peer Networking and File- Sharing Introduction Although the recent

Understanding Peer-to-Peer Networking and File- Sharing Introduction Although the recent

Content copied from: http://www.limewire.com/about/p2p.php Understanding Peer-to-Peer Networking and File- Sharing Introduction Although the recent growth of user-friendly file-sharing networks has only now brought Peer-to-Peer (P2P)

144 views • 3 slides
INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie &amp; Francois le Faucheur

INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie &amp; Francois le Faucheur

INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie &amp; Francois le Faucheur Outline Background: peering peer-to-peer providers CDN Interconnect Motivation CDNI Technical Issues Discussion Why is this a

876 views • 19 slides
Decentralized Trust Management for Decentralized Trust Management for Ad-Hoc Peer-to-Peer

Decentralized Trust Management for Decentralized Trust Management for Ad-Hoc Peer-to-Peer

Decentralized Trust Management for Decentralized Trust Management for Ad-Hoc Peer-to-Peer Networks Ad-Hoc Peer-to-Peer Networks Thomas Repantis Vana Kalogeraki Department of Computer Science &amp; Engineering University of California,

1.41k views • 29 slides
Peer-to-Peer Information Sharing in a Mobile Ad Hoc Environment Anna Hayes University College

Peer-to-Peer Information Sharing in a Mobile Ad Hoc Environment Anna Hayes University College

Peer-to-Peer Information Sharing in a Mobile Ad Hoc Environment Anna Hayes University College Dublin David Wilson University of North Carolina at Charlotte %give summary of the whole work: %contents Weve developed a peer-to-peer system

332 views • 17 slides

More recommend