Fingerprinting Internet DNS Amplification DDoS Activities

This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities using darknet, this work shows that we can extract DDoS activities without relying on backscattered analysis. The aim of this work is to extract cyber security intelligence related to DNS Amplification DDoS activities such as detection period, attack duration, intensity, packet size, rate and geo-location in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain DDoS parameters to detect the attacks. We empirically evaluate the proposed approach using 720 GB of real darknet data collected from a /13 address space during a recent three months period. Our analysis reveals that the approach was successful in inferring significant DNS amplification DDoS activities including the recent prominent attack that targeted one of the largest anti-spam organizations. Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS attacks. Further, the results uncover high-speed and stealthy attempts that were never previously documented. The case study of the largest DDoS attack in history lead to a better understanding of the nature and scale of this threat and can generate inferences that could contribute in detecting, preventing, assessing, mitigating and even attributing of DNS amplification DDoS activities.Comment: 5 pages, 2 figure

ANALYSIS OF BOTNET CLASSIFICATION AND DETECTION BASED ON C&C CHANNEL

Botnet is a serious threat to cyber-security. Botnet is a robot that can enter the computer and perform DDoS attacks through attacker’s command. Botnets are designed to extract confidential information from network channels such as LAN, Peer or Internet. They perform on hacker's intention through Command & Control(C&C) where attacker can control the whole network and can clinch illegal activities such as identity theft, unauthorized logins and money transactions. Thus, for security reason, it is very important to understand botnet behavior and go through its countermeasures. This thesis draws together the main ideas of network anomaly, botnet behavior, taxonomy of botnet, famous botnet attacks and detections processes. Based on network protocols, botnets are mainly 3 types: IRC, HTTP, and P2P botnet. All 3 botnet's behavior, vulnerability, and detection processes with examples are explained individually in upcoming chapters. Meanwhile saying shortly, IRC Botnet refers to early botnets targeting chat and messaging applications, HTTP Botnet targets internet browsing/domains and P2P Botnet targets peer network i.e. decentralized servers. Each Botnet's design, target, infecting and spreading mechanism can be different from each other. For an instance, IRC Botnet is targeted for small environment attacks where HTTP and P2P are for huge network traffic. Furthermore, detection techniques and algorithms filtration processes are also different among each of them. Based on these individual botnet's behavior, many research papers have analyzed numerous botnet detection techniques such as graph-based structure, clustering algorithm and so on. Thus, this thesis also analyzes popular detection mechanisms, C&C channels, Botnet working patterns, recorded datasets, results and false positive rates of bots prominently found in IRC, HTTP and P2P. Research area covers C&C channels, botnet behavior, domain browsing, IRC, algorithms, intrusion and detection, network and peer, security and test results. Research articles are conducted from scientific books through online source and University of Turku library

Fuzzy logic‐based trusted routing protocol using vehicular cloud networks for smart cities

Due to the characteristics of vehicular ad hoc networks, the increased mobility of nodes and the inconsistency of wireless communication connections pose significant challenges for routing. As a result, researchers find it to be a fascinating topic to study. Furthermore, since these networks are vulnerable to various assaults, providing an authentication method between the source and destination nodes is crucial. How to route in such networks more efficiently, taking into account node mobility characteristics and accompanying massive historical data, is still a matter of discussion. Fuzzy logic-based Trusted Routing Protocol for vehicular cloud networks (FTRP) is proposed in this study that determines the secure path for data dissemination. Fuzzy Logic determines the node candidacy value and selects or rejects a path accordingly. The cloud assigns a confidence score to each vehicle based on the data it collects from nodes after each interaction. Our study identifies the secure path on the basis of trust along with factors such as speed, closeness to other nodes, signal strength and distance from the neighbouring nodes. Simulations of the novel protocol demonstrate that it can keep the packet delivery ratio high with little overhead and low delay. FTRP has significant implications for deploying Vehicular Cloud Networks using electric vehicle technologies in smart cities. The routing data is collected with the help of Internet of Technology (IOT) sensors. The information is transmitted between vehicles using IOT gateways

Botnet Detection Using Graph Based Feature Clustering

Detecting botnets in a network is crucial because bot-activities impact numerous areas such as security, finance, health care, and law enforcement. Most existing rule and flow-based detection methods may not be capable of detecting bot-activities in an efficient manner. Hence, designing a robust botnet-detection method is of high significance. In this study, we propose a botnet-detection methodology based on graph-based features. Self-Organizing Map is applied to establish the clusters of nodes in the network based on these features. Our method is capable of isolating bots in small clusters while containing most normal nodes in the big-clusters. A filtering procedure is also developed to further enhance the algorithm efficiency by removing inactive nodes from bot detection. The methodology is verified using real-world CTU-13 and ISCX botnet datasets and benchmarked against classification-based detection methods. The results show that our proposed method can efficiently detect the bots despite their varying behaviors