    Flooding attacks to internet threat monitors (ITM): Modeling and counter measures using botnet and honeypots

    The Internet Threat Monitoring (ITM) system is a globally scoped Internet monitoring system whose goal is to measure, detect, characterize, and track threats such as distributed denial of service (DDoS) attacks and worms. To block the monitoring system on the Internet, attackers target the ITM system itself. In this paper we address flooding attacks against the ITM system, in which the attacker attempts to exhaust the network's and the ITM's resources, such as network bandwidth, computing power, or operating system data structures, by sending malicious traffic. We propose an information-theoretic framework that models flooding attacks on the ITM carried out with a botnet. Based on this model we generalize the flooding attacks and propose an effective attack detection method using honeypots.

    An Effective SPOT System by Monitoring Outgoing Messages

    We develop an effective spam zombie detection system named SPOT, which monitors outgoing messages in a network. Attackers use the Internet to spread spam or malware in order to collect information about the network. Detecting the compromised machines in a network that are involved in spamming activities is known as spam zombie detection. The detection system can be used to identify misbehaving users. We create a framework to identify messages from various users. The system records IP address information using the SPOT detection algorithm. We also compare the performance of SPOT with two other spam zombie detection algorithms, based on the count and on the percentage of spam messages originated or forwarded by internal machines. Using these techniques we avoid and block the users who send spam messages.
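
    The three detector families named above, side by side on one stream of outgoing-mail verdicts, as an added example (not the paper's code): a spam-count threshold, a spam-percentage threshold, and a sequential probability ratio test (SPRT), which is the test the published SPOT design is built on. The message stream, the hosts, the thresholds and the SPRT parameters (theta0, theta1, alpha, beta) are all constructed for illustration; the verdict per message is assumed to come from an ordinary content filter at the gateway.

```python
"""Three spam zombie detectors driven by per-message verdicts on outgoing
mail from internal hosts: a spam-count threshold, a spam-percentage
threshold, and Wald's sequential probability ratio test (SPRT).
Added example, not the SPOT paper's code; parameters and the message
stream are constructed."""
import math
from collections import defaultdict

# Constructed stream of outgoing messages seen at the mail gateway, in
# arrival order: (internal source IP, verdict from the content filter),
# "S" = spam, "H" = ham. Not real data.
OUTGOING = [
    ("10.0.0.5", "H"), ("10.0.0.9", "S"), ("10.0.0.7", "S"), ("10.0.0.5", "H"),
    ("10.0.0.9", "S"), ("10.0.0.7", "S"), ("10.0.0.5", "S"), ("10.0.0.9", "H"),
    ("10.0.0.7", "H"), ("10.0.0.5", "H"), ("10.0.0.9", "S"), ("10.0.0.7", "H"),
    ("10.0.0.5", "H"), ("10.0.0.9", "S"), ("10.0.0.7", "H"), ("10.0.0.5", "H"),
    ("10.0.0.9", "S"), ("10.0.0.5", "H"),
]


def count_detector(stream, cs=2):
    """Flag a host once it has sent at least `cs` spam messages.
    Returns {ip: per-host message number at which it was flagged, or None}."""
    spam, seen, flagged = defaultdict(int), defaultdict(int), {}
    for ip, verdict in stream:
        seen[ip] += 1
        flagged.setdefault(ip, None)
        if flagged[ip] is not None:
            continue
        spam[ip] += verdict == "S"
        if spam[ip] >= cs:
            flagged[ip] = seen[ip]
    return flagged


def percentage_detector(stream, n_min=4, p=0.6):
    """Flag a host once it has sent at least `n_min` messages of which a
    fraction >= `p` were spam."""
    spam, seen, flagged = defaultdict(int), defaultdict(int), {}
    for ip, verdict in stream:
        seen[ip] += 1
        flagged.setdefault(ip, None)
        if flagged[ip] is not None:
            continue
        spam[ip] += verdict == "S"
        if seen[ip] >= n_min and spam[ip] / seen[ip] >= p:
            flagged[ip] = seen[ip]
    return flagged


def sprt_detector(stream, theta0=0.2, theta1=0.9, alpha=0.01, beta=0.01):
    """Per-host SPRT between H0 (normal host, P[spam] = theta0) and H1
    (compromised host, P[spam] = theta1) with false-positive bound `alpha`
    and false-negative bound `beta`. A host that reaches the H0 boundary
    is cleared and its test restarts; one that reaches H1 is flagged."""
    up = math.log(theta1 / theta0)                 # evidence added by a spam message
    down = math.log((1 - theta1) / (1 - theta0))   # evidence added by a ham message
    a = math.log((1 - beta) / alpha)               # accept H1 at or above this
    b = math.log(beta / (1 - alpha))               # accept H0 at or below this
    llr, seen, flagged = defaultdict(float), defaultdict(int), {}
    for ip, verdict in stream:
        seen[ip] += 1
        flagged.setdefault(ip, None)
        if flagged[ip] is not None:
            continue
        llr[ip] += up if verdict == "S" else down
        if llr[ip] >= a:
            flagged[ip] = seen[ip]
        elif llr[ip] <= b:
            llr[ip] = 0.0                          # host looks normal: restart the test
    return flagged


if __name__ == "__main__":
    for name, fn in (("count", count_detector), ("percentage", percentage_detector),
                     ("SPRT", sprt_detector)):
        print(f"{name:>10}: {fn(OUTGOING)}")
```

    On this constructed stream the count detector flags 10.0.0.9 after its second message but also flags 10.0.0.7, which sent two spam messages and then only ham; the percentage detector waits for four messages and flags only 10.0.0.9; the SPRT flags 10.0.0.9 on its sixth message and leaves 10.0.0.7 undecided, because its log-likelihood ratio never reaches either boundary. That is the trade-off a count-versus-percentage-versus-sequential comparison is meant to expose: how much evidence each rule needs before it decides, and what each does with a host that sends a little spam and then stops.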

    Assessment of the status of spam in the Kingdom of Saudi Arabia

    Spam is a serious threat to Information and Communications Technology (ICT) worldwide. It is used not only to transmit unsolicited messages, but also malware of every stripe, and to propagate various types of phishing schemes. Spam has become so internationally widespread that in some regions it represents over 90% of total e-mail traffic. The purpose of this paper is to report the findings of the study commissioned by the Communications and Information Technology Commission to ascertain the magnitude of spam in the Kingdom of Saudi Arabia and to formulate a comprehensive multi-pronged solution for handling spam in Saudi Arabia based upon best international practices, the current situation and national requirements. This paper focuses only on determining the current state of spam in KSA, aiming at a good understanding of the nature and prevalence of spam within Saudi Arabia. This information will then form the basis of the national anti-spam strategy framework. The study was compiled using statistics gathered from stakeholders via different means, including questionnaires, interviews and meetings. It covers e-mail, mobile and fax spam. It also highlights some of the stakeholders' concerns and recommendations regarding spam, as well as the measures taken by these stakeholders to control spam in their networks.

    Listening to botnet communication channels to protect information systems

    Botnets are a weapon of choice for people who wish to exploit information systems for economic advantage. A large percentage of high-value commercial targets, such as banking transaction systems and their human customers, are web connected, so that access is gained through Internet services. A botnet is designed to maximise the possibility of economic success through the low cost of attacks and the high number that may be attempted in any small unit of time. In this paper we report exploratory research into the communications of botnets. The research question was: how do botnets talk with their command and control channels? The research method is to catch binaries in a low-interaction honeypot and then to provide a secure test bed in which the binaries can demonstrate their malicious activity. One of the actions performed by a binary is communication with the botmaster, and this action is the focus of our study. We also provide a feedback loop in which suggestions are made to protect an information system and its users.

    Advanced Methods for Botnet Intrusion Detection Systems

    Honeynet design and implementation

    Over the past decade, web criminality has become a real issue. Because they allow botmasters to control hundreds to millions of machines, botnets have become the first-choice attack platform for network attackers, used to launch distributed denial of service attacks, steal sensitive information and send spam emails. This work aims at designing and implementing a honeynet specific to IRC bots. Our system works in three phases: (1) binary collection, (2) simulation, and (3) activity capturing and monitoring. Our phase 2 simulation extracts the connection information by redirecting the bot's IRC connection (using a DNS redirection and a "fakeserver"). In phase 3, we use the information previously extracted to launch our honeyclient, which captures and monitors the traffic on the C&C channel. Thanks to our honeynet, we create a database of the activity of IRC botnets (their connection characteristics, commands on the C&C channel), and hope to learn more about their behavior and the underground market they create.
    M.S. Committee Chair: Wenke Lee; Committee Member: Jonathon Giffin; Committee Member: Mustaque Ahama
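
    What the phase 2 "fakeserver" has to do once the DNS redirection lands a captured bot on it, as an added example (not the thesis's code): parse the bot's IRC registration and JOIN traffic to recover the parameters the honeyclient needs later (server password, nick, channel, channel key, the first commands it issues), and send back just enough of the server side of the protocol (001 welcome, JOIN echo, PONG) to keep the bot talking. The bot handshake bytes, the server name `honeynet.local` and the listening port are constructed for illustration; IRC framing follows RFC 1459.

```python
"""Fake IRC server logic for an IRC-bot honeynet: parse what a captured bot
sends after the DNS redirection lands it on the fake server, recover the
C&C parameters (server password, nick, channel, channel key, first
commands), and generate the minimal replies that keep the bot talking.
Added example, not the thesis code; the bot traffic below is constructed."""
import socket

SERVER = "honeynet.local"   # assumed name the fake server reports in its replies

# Constructed client-to-server stream from a hypothetical bot, as it would
# arrive after the DNS redirection. Not captured from a real binary.
BOT_HANDSHAKE = (
    b"PASS s3cret\r\n"
    b"NICK [USA|XP]-123456\r\n"
    b"USER xp 0 0 :xp\r\n"
    b"JOIN #botz ch4nk3y\r\n"
    b"PRIVMSG #botz :.login\r\n"
)


def parse_line(line):
    """Split one IRC line into (prefix, COMMAND, params) using RFC 1459
    framing: optional ':prefix', space-separated params, ' :trailing'."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    words = head.split()
    if not words:
        return prefix, "", []
    params = words[1:]
    if sep:
        params.append(trailing)
    return prefix, words[0].upper(), params


def extract_cnc_info(raw):
    """Collect the connection parameters a honeyclient needs to rejoin the
    C&C channel later, from the bot's raw client-to-server bytes."""
    info = {"pass": None, "nick": None, "user": None, "realname": None,
            "channels": {}, "privmsg": []}
    for line in raw.decode("latin-1").replace("\r", "").split("\n"):
        _, cmd, params = parse_line(line.strip())
        if cmd == "PASS" and params:
            info["pass"] = params[0]
        elif cmd == "NICK" and params:
            info["nick"] = params[0]
        elif cmd == "USER" and params:
            info["user"] = params[0]
            info["realname"] = params[-1] if len(params) > 1 else None
        elif cmd == "JOIN" and params:            # JOIN #a,#b key1,key2
            keys = params[1].split(",") if len(params) > 1 else []
            for i, chan in enumerate(params[0].split(",")):
                info["channels"][chan] = keys[i] if i < len(keys) else None
        elif cmd == "PRIVMSG" and len(params) >= 2:
            info["privmsg"].append((params[0], params[1]))
    return info


def server_replies(line, state):
    """Minimal server side of the exchange: welcome after NICK+USER, echo
    JOINs, answer PINGs. `state` persists across lines of one connection."""
    _, cmd, params = parse_line(line)
    out = []
    if cmd == "NICK" and params:
        state["nick"] = params[0]
    elif cmd == "USER" and params:
        state["user"] = params[0]
    elif cmd == "PING":
        out.append("PONG :" + (params[0] if params else SERVER))
    elif cmd == "JOIN" and params and state.get("nick"):
        for chan in params[0].split(","):
            out.append(f":{state['nick']}!{state.get('user', 'bot')}@honeynet JOIN :{chan}")
            out.append(f":{SERVER} 366 {state['nick']} {chan} :End of /NAMES list")
    if state.get("nick") and state.get("user") and not state.get("registered"):
        state["registered"] = True
        out.append(f":{SERVER} 001 {state['nick']} :Welcome to the honeynet")
        out.append(f":{SERVER} 376 {state['nick']} :End of /MOTD command")
    return out


def serve_one_bot(host="0.0.0.0", port=6667):
    """Accept a single redirected bot, log its raw stream and reply to it.
    Not invoked at import; run it inside the isolated test bed only."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, peer = srv.accept()
        with conn:
            buf, state, raw = b"", {}, b""
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                raw += data
                buf += data
                while b"\n" in buf:
                    line, buf = buf.split(b"\n", 1)
                    for reply in server_replies(line.decode("latin-1").strip(), state):
                        conn.sendall(reply.encode("latin-1") + b"\r\n")
    return peer, extract_cnc_info(raw)
```

    Two details matter in practice. The bot must be kept in a test bed whose only route out is the fake server (the DNS redirection alone does not stop a bot that has a hard-coded IP), and the welcome sequence must reach the 376 end-of-MOTD reply, since many IRC clients and bots hold their JOIN until they see it; a fake server that only sends 001 recovers the nick and password but never sees the channel or its key.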

    Detecting spam relays by SMTP traffic characteristics using an autonomous detection system

    Spam emails are flooding the Internet, and research to prevent spam is an ongoing concern. SMTP traffic was collected from different sources in real networks and analyzed to determine the differences in SMTP traffic characteristics between legitimate email clients, legitimate email servers and spam relays. It was found that SMTP traffic from legitimate and non-legitimate sites differs and that the two can be distinguished. This thesis proposes methods based on analyzing SMTP traffic characteristics to identify spam relays in the network, and develops an autonomous combination system, employing machine learning, to identify them. The system identifies spam relays in real time, before spam emails reach an end user, using SMTP traffic characteristics alone and never the real content of the email. A series of tests were conducted to evaluate the performance of this system, and the results show that it can identify spam relays with a high spam relay detection rate and an acceptable ratio of false positive errors.
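
    The shape of such a content-free detector, as an added example that is not the thesis's system: per-source features are aggregated from outbound TCP/25 connection records (no message bodies are read), and a classifier trained on labelled examples of the three source types named above assigns each source a label. The thesis does not list its features or its learning algorithm, so the feature set (connection count, destination fan-out, failed-session ratio, mean bytes per connection), the nearest-centroid classifier, the training rows and the flow records here are all assumptions made for illustration.

```python
"""Content-free SMTP relay detection: per-source traffic features computed
from connection records on TCP/25 (no message bodies), then a nearest-
centroid classifier trained on labelled examples of the three source types
the thesis distinguishes. Added example, not the thesis's system; the
feature set, training rows and flow records are all constructed."""
import math
from collections import defaultdict

# Assumed per-source features (the thesis does not list its features):
#   connections        outbound SMTP connections in the observation window
#   distinct_dst_ratio distinct destination hosts / connections (fan-out)
#   fail_ratio         connections with no completed SMTP session / connections
#   mean_bytes         mean bytes sent by the source per connection
FEATURES = ("connections", "distinct_dst_ratio", "fail_ratio", "mean_bytes")

# Constructed labelled training rows; values are illustrative, not measured.
TRAIN = [
    ("client", (4, 0.25, 0.00, 6000)),
    ("client", (6, 0.17, 0.00, 9000)),
    ("server", (40, 0.70, 0.05, 7000)),
    ("server", (60, 0.60, 0.08, 5500)),
    ("relay",  (200, 0.95, 0.45, 1200)),
    ("relay",  (150, 0.90, 0.50, 1500)),
]


def flow_features(flows):
    """Aggregate (src, dst, bytes_from_src, session_completed) connection
    records into one feature vector per source, ordered as FEATURES."""
    per_src = defaultdict(list)
    for src, dst, nbytes, ok in flows:
        per_src[src].append((dst, nbytes, ok))
    vectors = {}
    for src, conns in per_src.items():
        n = len(conns)
        vectors[src] = (
            n,
            len({dst for dst, _, _ in conns}) / n,
            sum(1 for _, _, ok in conns if not ok) / n,
            sum(nbytes for _, nbytes, _ in conns) / n,
        )
    return vectors


class NearestCentroid:
    """Standardise each feature with the training mean/std, then label a
    vector with the class whose centroid is nearest in that space."""

    def __init__(self, rows):
        cols = list(zip(*[v for _, v in rows]))
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
                    for c, m in zip(cols, self.mean)]
        by_label = defaultdict(list)
        for label, v in rows:
            by_label[label].append(self._z(v))
        self.centroids = {lab: [sum(c) / len(c) for c in zip(*vs)]
                          for lab, vs in by_label.items()}

    def _z(self, v):
        return [(x - m) / s for x, m, s in zip(v, self.mean, self.std)]

    def predict(self, v):
        z = self._z(v)
        return min(self.centroids,
                   key=lambda lab: math.dist(z, self.centroids[lab]))


def sample_flows():
    """Constructed connection records for three internal sources: a
    workstation, a busy but legitimate MTA, and a spam relay."""
    flows = [("192.0.2.10", "mx.corp.example", b, True) for b in (5000, 6000, 7000, 6000)]
    for i in range(50):                                   # legitimate MTA, few failures
        flows.append(("192.0.2.25", f"mx{i % 40}.example", 6500 if i >= 3 else 0, i >= 3))
    for i in range(120):                                  # relay: wide fan-out, half fail
        flows.append(("192.0.2.77", f"h{i}.example", 1200 if i % 2 else 0, bool(i % 2)))
    return flows


def classify_sources(flows, rows=TRAIN):
    """Label every source in `flows` using a model trained on `rows`."""
    model = NearestCentroid(rows)
    return {src: model.predict(v) for src, v in flow_features(flows).items()}


if __name__ == "__main__":
    for src, label in classify_sources(sample_flows()).items():
        print(src, label)
```

    The point of standardising before measuring distance is that the raw connection count would otherwise dominate the other three features, and a relay observed for a short window (few connections, but wide fan-out and many failed sessions) would be pulled toward the client centroid. Real-time use means recomputing the per-source vector as each new connection record arrives and re-running `predict`; because nothing in the vector depends on message content, the decision can be made on the SMTP session before any body is accepted.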