OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
Over the last decade botnets have survived by adopting a sequence of increasingly sophisticated strategies to evade detection and takeovers, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and marketplaces for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host's IP address and by carrying traffic that does not leak information about its source, destination, or nature. Such bots live symbiotically within the privacy infrastructure to evade detection, measurement, scale estimation, observation, and in general all current IP-based mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, which is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.
Comment: 12 pages, 8 figures
ANALYSIS OF BOTNET CLASSIFICATION AND DETECTION BASED ON C&C CHANNEL
Botnets are a serious threat to cyber-security. A botnet is a robot that can enter a computer and perform DDoS attacks on the attacker's command. Botnets are designed to extract confidential information from network channels such as a LAN, a peer network, or the Internet. They act on the hacker's intention through Command & Control (C&C), where the attacker can control the whole network and carry out illegal activities such as identity theft, unauthorized logins, and money transactions. Thus, for security reasons, it is very important to understand botnet behavior and its countermeasures. This thesis draws together the main ideas of network anomalies, botnet behavior, botnet taxonomy, famous botnet attacks, and detection processes.
Based on network protocols, botnets are mainly of three types: IRC, HTTP, and P2P botnets. The behavior, vulnerabilities, and detection processes of all three, with examples, are explained individually in the following chapters. In short, an IRC botnet refers to the early botnets that targeted chat and messaging applications, an HTTP botnet targets internet browsing and domains, and a P2P botnet targets peer networks, i.e. decentralized servers. Each botnet's design, target, and infection and spreading mechanism can differ from the others. For instance, IRC botnets are targeted at small-environment attacks, whereas HTTP and P2P botnets are built for huge volumes of network traffic. Furthermore, the detection techniques and algorithmic filtering processes also differ among them. Based on these individual botnet behaviors, many research papers have analyzed numerous botnet detection techniques, such as graph-based structures, clustering algorithms, and so on. Thus, this thesis also analyzes popular detection mechanisms, C&C channels, botnet working patterns, recorded datasets, results, and false positive rates of bots prominently found in IRC, HTTP, and P2P networks.
The research area covers C&C channels, botnet behavior, domain browsing, IRC, algorithms, intrusion detection, networks and peers, security, and test results. Research articles were collected from scientific books, online sources, and the University of Turku library.
Trust Strategies for the Semantic Web
Everyone agrees on the importance of enabling trust on the Semantic Web to ensure more efficient agent interaction. Current research on trust seems to focus on developing computational models, semantic representations, inference techniques, etc. However, little attention has been given to the plausible trust strategies or tactics that an agent can follow when interacting with other agents on the Semantic Web. In this paper we identify the five most common trust strategies and discuss their envisaged costs and benefits. The aim is to provide some guidelines to help system developers appreciate the risks and gains involved with each trust strategy.
Utilizing Public Blockchains for the Sybil-Resistant Bootstrapping of Distributed Anonymity Services
Distributed anonymity services, such as onion routing networks or cryptocurrency tumblers, promise privacy protection without trusted third parties. While the security of these services is often well-researched, the security implications of their required bootstrapping processes are usually neglected: users either jointly conduct the anonymization themselves, or they need to rely on a set of non-colluding privacy peers. However, the typically small number of privacy peers enables a single adversary to mimic a distributed service. We thus present AnonBoot, a Sybil-resistant medium to securely bootstrap distributed anonymity services via public blockchains. AnonBoot enforces that peers periodically create a small proof of work to refresh their eligibility for providing secure anonymity services. A pseudo-random, locally replicable bootstrapping process using on-chain entropy then prevents biasing the election of eligible peers. Our evaluation using Bitcoin as AnonBoot's underlying blockchain shows its feasibility to maintain a trustworthy repository of 1000 peers with only a small storage footprint while supporting arbitrarily large user bases on top of most blockchains.
Comment: To be published in the proceedings of the 15th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS'20)
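The two mechanisms the abstract names, a periodic proof of work that refreshes a peer's eligibility and an election seeded by on-chain entropy that any observer can replay, can be sketched in a few dozen lines. The block below is an added illustration and is not AnonBoot's own code: the puzzle shape (SHA-256 over peer id, epoch and nonce with a leading-zero target), the toy difficulty, the epoch handling, the HMAC-based ranking and the constructed stand-in for a block hash are all assumptions made for the example, and the real system's Bitcoin-based design is not reproduced here.

```python
# Added, simplified illustration of the AnonBoot idea: peers refresh eligibility
# with a small proof of work, and an election seeded by on-chain entropy is
# replicable by anyone who can read the chain. NOT AnonBoot's own code; puzzle
# shape, difficulty, epoch handling and the HMAC ranking are assumptions.
import hashlib
import hmac

DIFFICULTY_BITS = 12  # toy difficulty (assumption): ~4096 hashes per refresh

# Constructed stand-in for on-chain entropy; no real Bitcoin block is referenced.
BLOCK_HASH = hashlib.sha256(b"constructed block header for the example").digest()


def pow_digest(peer_id: bytes, epoch: int, nonce: int) -> bytes:
    """Hash binding a peer identity, an eligibility epoch, and a nonce."""
    return hashlib.sha256(
        peer_id + epoch.to_bytes(8, "big") + nonce.to_bytes(8, "big")
    ).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a big-endian digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mine(peer_id: bytes, epoch: int, difficulty: int = DIFFICULTY_BITS) -> int:
    """Search for a nonce whose digest has at least `difficulty` leading zero bits."""
    nonce = 0
    while leading_zero_bits(pow_digest(peer_id, epoch, nonce)) < difficulty:
        nonce += 1
    return nonce


def verify(peer_id: bytes, epoch: int, nonce: int,
           difficulty: int = DIFFICULTY_BITS) -> bool:
    """Check a submitted proof of work without redoing the search."""
    return leading_zero_bits(pow_digest(peer_id, epoch, nonce)) >= difficulty


def eligible_peers(advertisements, epoch: int, difficulty: int = DIFFICULTY_BITS):
    """Reduce (peer_id, epoch, nonce) advertisements to peers holding a valid,
    current proof of work. Stale epochs and repeated identities are dropped, so
    each Sybil identity costs one fresh puzzle per epoch."""
    seen, out = set(), []
    for peer_id, adv_epoch, nonce in advertisements:
        if adv_epoch != epoch or peer_id in seen:
            continue
        if verify(peer_id, adv_epoch, nonce, difficulty):
            seen.add(peer_id)
            out.append(peer_id)
    return sorted(out)


def elect(eligible, block_hash: bytes, k: int):
    """Deterministic election: rank eligible peers by HMAC(block_hash, peer_id).
    Every observer holding the same block hash reproduces the same list, and no
    peer can reorder it without controlling the block hash itself."""
    ranked = sorted(eligible,
                    key=lambda p: hmac.new(block_hash, p, hashlib.sha256).digest())
    return ranked[:k]


if __name__ == "__main__":
    epoch = 7
    ids = [b"peer-a", b"peer-b", b"peer-c", b"peer-d"]
    ads = [(pid, epoch, mine(pid, epoch)) for pid in ids]
    ads.append((b"peer-a", epoch, ads[0][2]))  # duplicate identity: ignored
    ads.append((b"peer-e", epoch - 1, 0))      # stale epoch: ignored
    elig = eligible_peers(ads, epoch)
    print("eligible:", elig)
    print("elected :", elect(elig, BLOCK_HASH, 2))
```

The check a practitioner should keep in mind is that the election is only as unbiased as the entropy feeding it: the example simply assumes the block hash is beyond any peer's influence, and the difficulty must be tuned so that honest peers can refresh every epoch while a Sybil attacker cannot mint identities faster than the chain advances.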
Geostry - a Peer-to-Peer System for Location-based Information
An interesting development is summarized by the notion of "Ubiquitous Computing": in this area, miniature systems are integrated into everyday objects, making these objects "smart" and able to communicate. Thereby, everyday objects can gather information about their state and their environment. By embedding this information into a model of the real world, which nowadays can be modeled very realistically using sophisticated 3D modeling techniques, it is possible to generate powerful digital world models. Not only can existing objects of the real world and their state be mapped into these world models, but additional information can be linked to these objects as well. The result is a symbiosis of the real world and digital information spaces.
In this thesis, we present a system that allows easy access to this information. In contrast to existing solutions, our approach is not based on a client-server architecture. Geostry is based on a peer-to-peer system and thus incorporates all of its advantages, such as self-organization, fairness (in terms of costs), scalability, and many more. Setting up the network is realized through a decentralized bootstrapping protocol based on an existing Internet service, to provide robustness and availability. To selectively find geographically related information, Geostry supports spatial queries. Among other things, they enable the user to search for information in a certain district only. Sometimes a particular piece of information attracts unusual interest. To cope with the run on the single computer that provides this specific information, Geostry offers dynamic replication mechanisms, so the information is replicated for as long as the rush lasts. Thus, Geostry covers all aspects from setting up a network and providing access to geo-related information to replication methods that preserve accessibility under high load.
Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies
The scalable, low-overhead attributes of Peer-to-Peer (P2P) Internet protocols and networks lend themselves well to being exploited by criminals to execute a large range of cybercrimes. The types of crime aided by P2P technology include copyright infringement, sharing of illicit images of children, fraud, hacking/cracking, denial of service attacks, and virus/malware propagation through a variety of worms, botnets, malware, viruses, and P2P file sharing. This project is focused on the study of active P2P nodes along with the analysis of the undocumented communication methods employed in many of these large unstructured networks. This is achieved through the design and implementation of an efficient P2P monitoring and crawling toolset. The requirement for investigating P2P-based systems is not limited to the more obvious cybercrimes listed above, as many legitimate P2P-based applications may also be pertinent to a digital forensic investigation, e.g., voice over IP, instant messaging, etc. Investigating these networks has become increasingly difficult due to the broad range of network topologies and the ever-increasing and evolving range of P2P-based applications. In this work we introduce the Universal P2P Network Investigation Framework (UP2PNIF), a framework which enables significantly faster and less labour-intensive investigation of newly discovered P2P networks by exploiting the commonalities in P2P network functionality. In combination with a reference database of known network characteristics, it is envisioned that any known P2P network can be instantly investigated using the framework, which can intelligently determine the best investigation methodology and greatly expedite the evidence-gathering process. A proof-of-concept tool was developed for conducting investigations on the BitTorrent network.
Comment: This is a thesis submitted in fulfilment of a PhD in Digital Forensics and Cybercrime Investigation in the School of Computer Science, University College Dublin in October 201
Distributed Denial of Service Attacks on Cloud Computing Environment
This paper aims to identify the various kinds of distributed denial of service (DDoS) attacks, their destructive capabilities, and, most of all, how these issues can best be countered and resolved for the benefit of all stakeholders along the cloud continuum, preferably as permanent solutions. The various types of DDoS attack and their strike capabilities are compiled, and the ways in which the resulting cloud computing environment issues can be addressed are discussed. The key challenges to an effective DDoS defense mechanism are also explored.