Hackers of India

Botnet mitigation, monitoring and management.

By Harshad Patil on 25 Feb 2010 @ Nullcon


Presentation Material

nullcon 2010 - Botnet mitigation, monitoring and management from n|u - The Open Security Community

Abstract

Attacks and intrusions have become increasingly prevalent as internet technology has advanced. Monetary gain has been the main motive of malicious attackers, and the tools and methods used to conduct attacks have grown correspondingly sophisticated. We also analyze how attackers choose which target systems to infect, the process of infection, and how the attacker controls the target system through different mediums. New forms of attack that botnets can launch are explored, and possible defenses against the threat of botnets are suggested. Our paper focuses on 3 areas:

  1. Mitigation: Reactive methods are insufficient; more proactive methods are required, for example developing an understanding of how malware works, its signatures, and its incident response. In this paper we begin the process of codifying the capabilities of malware. Our study reveals the complexity of botnet software, and we discuss implications for defense strategies based on our analysis. We also cover current mitigation efforts in progress.

  2. Monitoring: Bot/botnet measurements, and detecting and stopping bots, including advanced techniques. A botnet, when examined, is an effective tool for profit-motivated online crime. What crime is done with botnets? Malware, id theft, keylogging, spyware, phishing and spam. We focus on the devil's part: how a botnet is built, what its specific characteristics are, how it is operated, and how it is maintained and kept alive, so that, once we know the mentality and psychology of the malicious attacker, we can develop effective means to monitor it.

  3. Management: To increase understanding of the functionality present in bot malware, and to cover botnet disruption and how to handle it. We describe a system to detect botnets that use command-and-control systems by correlating secondary detection data from multiple sources via data mining.
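The third area describes detecting botnets by correlating secondary detection data from several sources. The following Python is an added illustration of that idea and is not code from the talk or from n|u: three constructed feeds (a DNS resolver log, flow records, and IDS alert lines; none are real logs, and the alert texts are made-up labels rather than real signature names) each yield a per-host indicator, and a host is reported only when at least two independent sources corroborate each other. The indicator thresholds (five NXDOMAIN answers, four flows with inter-arrival jitter under 10%) are assumptions chosen for the sample data, not values from the paper.

```python
"""Correlate detection signals from several sources to flag likely bot hosts.

Hypothetical example: three constructed feeds (DNS resolver log, flow records,
IDS alerts) are parsed, each yields per-host indicators, and hosts that show
corroborating evidence from at least two independent sources are reported.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data (not real logs). Fields: timestamp host rcode qname
DNS_LOG = """\
2010-02-25T10:00:01 10.0.0.5 NXDOMAIN kq3x9v.example.net
2010-02-25T10:00:02 10.0.0.5 NXDOMAIN p0zr7t.example.net
2010-02-25T10:00:03 10.0.0.5 NXDOMAIN a8mn2c.example.net
2010-02-25T10:00:04 10.0.0.5 NXDOMAIN w4hh1q.example.net
2010-02-25T10:00:05 10.0.0.5 NXDOMAIN zz81kl.example.net
2010-02-25T10:00:06 10.0.0.5 NXDOMAIN m7bc3d.example.net
2010-02-25T10:00:07 10.0.0.9 NOERROR www.example.com
2010-02-25T10:00:08 10.0.0.7 NXDOMAIN typo.example.com
"""

# Constructed flow records. Fields: timestamp src dst dport bytes
FLOW_LOG = """\
2010-02-25T10:00:00 10.0.0.5 203.0.113.10 6667 120
2010-02-25T10:05:00 10.0.0.5 203.0.113.10 6667 118
2010-02-25T10:10:00 10.0.0.5 203.0.113.10 6667 121
2010-02-25T10:15:00 10.0.0.5 203.0.113.10 6667 119
2010-02-25T10:00:30 10.0.0.9 198.51.100.20 443 5000
2010-02-25T10:07:12 10.0.0.9 198.51.100.20 443 7100
2010-02-25T10:19:45 10.0.0.9 198.51.100.20 443 300
2010-02-25T10:40:01 10.0.0.9 198.51.100.20 443 4400
"""

# Constructed IDS alerts with made-up labels. Fields: timestamp host message...
IDS_ALERTS = """\
2010-02-25T10:02:00 10.0.0.9 suspicious-user-agent
2010-02-25T10:11:00 10.0.0.5 irc-bot-nick-pattern
"""


def parse_lines(text):
    """Split a log blob into whitespace-separated fields, one list per line."""
    return [line.split() for line in text.strip().splitlines() if line.strip()]


def dns_nxdomain_burst(log, threshold=5):
    """Hosts with at least `threshold` NXDOMAIN answers (a crude DGA indicator)."""
    counts = defaultdict(int)
    for _ts, host, rcode, _qname in parse_lines(log):
        if rcode == "NXDOMAIN":
            counts[host] += 1
    return {host for host, n in counts.items() if n >= threshold}


def beaconing_hosts(log, min_flows=4, max_jitter=0.1):
    """Hosts whose flows to one destination recur at near-constant intervals."""
    stamps_by_pair = defaultdict(list)
    for ts, src, dst, _dport, _nbytes in parse_lines(log):
        stamps_by_pair[(src, dst)].append(datetime.fromisoformat(ts))
    hosts = set()
    for (src, _dst), stamps in stamps_by_pair.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Coefficient of variation of the inter-arrival times: low means periodic.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            hosts.add(src)
    return hosts


def ids_alert_hosts(log):
    """Hosts named in any IDS alert line."""
    return {fields[1] for fields in parse_lines(log)}


def correlate(dns_log, flow_log, ids_log, min_sources=2):
    """Map host -> set of corroborating sources, keeping hosts with >= min_sources."""
    evidence = defaultdict(set)
    for host in dns_nxdomain_burst(dns_log):
        evidence[host].add("dns_nxdomain_burst")
    for host in beaconing_hosts(flow_log):
        evidence[host].add("beaconing")
    for host in ids_alert_hosts(ids_log):
        evidence[host].add("ids_alert")
    return {host: srcs for host, srcs in evidence.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    for host, sources in sorted(correlate(DNS_LOG, FLOW_LOG, IDS_ALERTS).items()):
        print(host, sorted(sources))
```

On the sample data only 10.0.0.5 is reported: it shows an NXDOMAIN burst, periodic flows to one host, and an IDS alert. 10.0.0.9 has a single IDS alert and irregular flows, and 10.0.0.7 has one failed lookup, so neither reaches two sources. Requiring corroboration is what keeps one noisy feed from driving the verdict; in practice each indicator would be tuned against baseline traffic before the threshold is trusted.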