ANALYSIS OF BOTNET CLASSIFICATION AND DETECTION BASED ON C&C CHANNEL

Botnet is a serious threat to cyber-security. Botnet is a robot that can enter the computer and perform DDoS attacks through attacker’s command. Botnets are designed to extract confidential information from network channels such as LAN, Peer or Internet. They perform on hacker's intention through Command & Control(C&C) where attacker can control the whole network and can clinch illegal activities such as identity theft, unauthorized logins and money transactions. Thus, for security reason, it is very important to understand botnet behavior and go through its countermeasures. This thesis draws together the main ideas of network anomaly, botnet behavior, taxonomy of botnet, famous botnet attacks and detections processes. Based on network protocols, botnets are mainly 3 types: IRC, HTTP, and P2P botnet. All 3 botnet's behavior, vulnerability, and detection processes with examples are explained individually in upcoming chapters. Meanwhile saying shortly, IRC Botnet refers to early botnets targeting chat and messaging applications, HTTP Botnet targets internet browsing/domains and P2P Botnet targets peer network i.e. decentralized servers. Each Botnet's design, target, infecting and spreading mechanism can be different from each other. For an instance, IRC Botnet is targeted for small environment attacks where HTTP and P2P are for huge network traffic. Furthermore, detection techniques and algorithms filtration processes are also different among each of them. Based on these individual botnet's behavior, many research papers have analyzed numerous botnet detection techniques such as graph-based structure, clustering algorithm and so on. Thus, this thesis also analyzes popular detection mechanisms, C&C channels, Botnet working patterns, recorded datasets, results and false positive rates of bots prominently found in IRC, HTTP and P2P. Research area covers C&C channels, botnet behavior, domain browsing, IRC, algorithms, intrusion and detection, network and peer, security and test results. Research articles are conducted from scientific books through online source and University of Turku library

Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detection system: A comprehensive review

Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks

Securing cloud-hosted applications using active defense with rule-based adaptations

Security cloud-based applications is a dynamic problem since modern attacks are always evolving in their sophistication and disruption impact. Active defense is a state-of-the-art paradigm where proactive or reactive cybersecurity strategies are used to augment passive defense policies (e.g., firewalls). It involves using knowledge of the adversary to create of dynamic policy measures to secure resources and outsmart adversaries to make cyber-attacks difficult to execute. Using intelligent threat detection systems based on machine learning and active defense solutions implemented via cloud resource adaptations, we can slowdown attacks and derail attackers at an early stage so that they cannot proceed with their plots, while also increasing the probability that they will expose their presence or reveal their attack vectors. In this MS Thesis, we demonstrate the concept and benefits of active defense in securing cloud-based applications through rule-based adaptations on distributed resources. Specifically, we propose two novel active defense strategies to mitigate impact of security anomaly events within: (a) social virtual reality learning environment (VRLE), and (b) healthcare data sharing environment (HDSE). Our first strategy involves a "rule-based 3QS-adaptation framework" that performs risk and cost aware trade-off analysis to control cybersickness due to performance/security anomaly events during a VRLE session. VRLEs provide immersive experience to users with increased accessibility to remote learning, thus a breach of security in critical VRLE application domains (e.g., healthcare, military training, manufacturing) can disrupt functionality and induce cybersickness. Our framework implementation in a real-world social VRLE viz., vSocial monitors performance/security anomaly events in network data. In the event of an anomaly, the framework features rule-based adaptations that are triggered by using various decision metrics. Based on our experimental results, we demonstrate the effectiveness of our rulebased 3QS-adaptation framework in reducing cybersickness levels, while maintaining application functionality. Our second strategy involves a "defense by pretense methodology" that uses real-time attack detection and creates cyber deception for HDSE applications. Healthcare data consumers (e.g., clinicians and researchers) require access to massive, protected datasets, thus loss of assurance/auditability of critical data such as Electronic Health Records (EHR) can severely impact loss of privacy of patient's data and the reputation of the healthcare organizations. Our cyber deception utilizes elastic capacity provisioning via use of rule-based adaptation to provision Quarantine Virtual Machines (QVMs) that handle redirected attacker's traffic and increase threat intelligence collection. We evaluate our defense by pretense design by creating an experimental Amazon Web Services (AWS) testbed hosting a real-world OHDSI setup for protected health data analytics/sharing with electronic health record data (SynPUF) and publications data (CORD-19) related to COVID-19. Our experiment results show how we can successfully detect targeted attacks such as e.g., DDoS and create redirection of attack sources to QVMs.Includes bibliographical references

Selected Computing Research Papers Volume 7 June 2018

Contents Critical Evaluation of Arabic Sentimental Analysis and Their Accuracy on Microblogs (Maha Al-Sakran) Evaluating Current Research on Psychometric Factors Affecting Teachers in ICT Integration (Daniel Otieno Aoko) A Critical Analysis of Current Measures for Preventing Use of Fraudulent Resources in Cloud Computing (Grant Bulman) An Analytical Assessment of Modern Human Robot Interaction Systems (Dominic Button) Critical Evaluation of Current Power Management Methods Used in Mobile Devices (One Lekula) A Critical Evaluation of Current Face Recognition Systems Research Aimed at Improving Accuracy for Class Attendance (Gladys B. Mogotsi) Usability of E-commerce Website Based on Perceived Homepage Visual Aesthetics (Mercy Ochiel) An Overview Investigation of Reducing the Impact of DDOS Attacks on Cloud Computing within Organisations (Jabed Rahman) Critical Analysis of Online Verification Techniques in Internet Banking Transactions (Fredrick Tshane

GUIDE FOR THE COLLECTION OF INSTRUSION DATA FOR MALWARE ANALYSIS AND DETECTION IN THE BUILD AND DEPLOYMENT PHASE

During the COVID-19 pandemic, when most businesses were not equipped for remote work and cloud computing, we saw a significant surge in ransomware attacks. This study aims to utilize machine learning and artificial intelligence to prevent known and unknown malware threats from being exploited by threat actors when developers build and deploy applications to the cloud. This study demonstrated an experimental quantitative research design using Aqua. The experiment\u27s sample is a Docker image. Aqua checked the Docker image for malware, sensitive data, Critical/High vulnerabilities, misconfiguration, and OSS license. The data collection approach is experimental. Our analysis of the experiment demonstrated how unapproved images were prevented from running anywhere in our environment based on known vulnerabilities, embedded secrets, OSS licensing, dynamic threat analysis, and secure image configuration. In addition to the experiment, the forensic data collected in the build and deployment phase are exploitable vulnerability, Critical/High Vulnerability Score, Misconfiguration, Sensitive Data, and Root User (Super User). Since Aqua generates a detailed audit record for every event during risk assessment and runtime, we viewed two events on the Audit page for our experiment. One of the events caused an alert due to two failed controls (Vulnerability Score, Super User), and the other was a successful event meaning that the image is secure to deploy in the production environment. The primary finding for our study is the forensic data associated with the two events on the Audit page in Aqua. In addition, Aqua validated our security controls and runtime policies based on the forensic data with both events on the Audit page. Finally, the study’s conclusions will mitigate the likelihood that organizations will fall victim to ransomware by mitigating and preventing the total damage caused by a malware attack