    Unstructured Peer-to-Peer Botnet Simulation for Measuring Its Robustness

    Malware attacks on the Internet have increased substantially in recent years, and botnets are a root cause. A "botnet" is a network of compromised computers controlled by an attacker known as the "botmaster". To be able to effectively detect and defend against botnets, it is very important to have a good understanding of their construction procedure and propagation methodology. In this work, we study the construction of an unstructured peer-to-peer botnet, its propagation methodology, diurnal properties and robustness. This simulation shows that the more frequently a node updates its buddy list, the lower the process overhead involved.

    Role of ICT and usability of Honeypots in Kenet member institutions in Western Kenya as proactive detection tools for monitoring cyber related incidences

    With the advent of ever-changing technology and the intense sophistication in methods and means of committing illegal activities, crime is no longer narrowly defined vis-à-vis the law; there is a need to be able to handle technologically oriented crimes, commonly referred to as cybercrimes. Cybercrimes are crimes that involve the use of computers to undertake illegal activities. Collecting statistics associated with cybercrimes can be quite tricky and daunting, since their collection and tabulation can only be done when aggrieved parties report them. Some of the illegal activities that constitute cybercrimes include, but are not limited to, creation of counterfeit currency or official documents using computer scanners and graphics programs, embezzlement of funds using computers to skim very small sums of money from a large number of accounts, distribution of child pornography on the Internet, and theft of digital property. Other crimes that can also be committed include fraud, hate crimes, stalking, gambling, hacking, spread of malware, phishing, spamming, botnet attacks, DDoS attacks, espionage and money laundering. In this paper we present results on the usability of honeypots in KENET member institutions in western Kenya as proactive detection tools for monitoring cyber-related incidences.

    Web attack risk awareness with lessons learned from high interaction honeypots

    Master's thesis, Segurança Informática (Information Security), Universidade de Lisboa, Faculdade de Ciências, 2009.
    With the evolution of web 2.0, the majority of enterprises deploy their business over the Internet using web applications. These applications carry important data with crucial requirements such as confidentiality, integrity and availability. The loss of those properties directly influences the business, putting it at risk. Risk awareness provides the necessary know-how on how to act to achieve its mitigation. In this thesis a collection of high interaction web honeypots is deployed using multiple applications and diverse operating systems in order to analyse attacker behaviour. The use of virtualization environments along with widely used honeypot monitoring tools provides the necessary forensic information that helps the research community to study the modus operandi of the attacker, gathering the latest exploits and malicious tools, and to develop adequate safeguards that deal with the majority of attacking techniques. Using the detailed attack information gathered with the web honeypots, the attacking behaviour is classified across different attacking profiles to analyse the risk mitigation safeguards needed to deal with business losses. Different security frameworks commonly used by enterprises are analysed to evaluate the benefits of the honeypots' security concepts in responding to each framework's requirements and consequently mitigating the risk.

    OnionBots: Subverting Privacy Infrastructure for Cyber Attacks

    Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and takeovers, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host's IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all current IP-based mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, which is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure. Comment: 12 pages, 8 figures.

    The White-hat Bot: A Novel Botnet Defense Strategy

    Botnets are a threat to computer systems and users around the world. Botmasters can range from annoying spam email propagators to nefarious criminals. These criminals attempt to take down networks or web servers through distributed denial-of-service attacks, to steal corporate secrets, or to launder money from individuals or corporations. As the number and severity of successful botnet attacks rise, computer security experts need to develop better early-detection and removal techniques to protect computer networks and individual computer users from these very real threats. I will define botnets and describe some of their common purposes and current uses. Next, I will reveal some of the techniques currently used by software security professionals to combat this problem. Finally, I will provide a novel defensive strategy, the White-hat Bot (WHB), with documented experiments and results that may prove useful in the defense against botnets in the future.

    An Empirical Analysis of Cyber Deception Systems
