Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

Review on Botnet Threat Detection in P2P

Botnets are nothing but the malicious codes such as viruses which are used for attacking the computers. These are act as threats and are very harmful. Due to distributed nature of botnets, it is hard to detect them in peer-to-peer networks. So we require the smarter technique to detect such threats. The automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. This paper gives the review on the various techniques used to detect such botnets. DOI: 10.17762/ijritcc2321-8169.15026

Liability for Botnet Attacks

This paper will consider the possibility of using tort liability to address cyber insecurity. In previous work, I have proposed a hypothetical lawsuit by the victim of a DDoS attack against the vendor of unreasonably insecure software, the flaws of which are exploited to create the DDoS attack army. Indeed, software vendors are facing increasing public disapproval for their contributions to cyber insecurity. However, not all DDoS attack armies are assembled by exploiting flaws in software. Computers are also infected when users voluntarily open infected email attachments or download infected files from file-sharing networks. Accordingly, the cyber insecurity resulting from the large numbers of average end-users with infected computers cannot be entirely addressed by reducing the number of exploitable flaws in widely-deployed software. It may be useful to find additional ways to address other avenues of infection

A Review-Botnet Detection and Suppression in Clouds

Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets is well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. Botnet attacks degrade the status of Internet security. Clouds provide botmaster with an ideal environment of rich computing resources where it can easily deploy or remove C&C server and perform attacks.  It is of vital importance for cloud service providers to detect botnet,  prevent attack,  and trace back to the botmaster.  It also becomes necessary to detect and suppress these bots to protect the clouds. This paper provides the various botnet detection techniques and the comparison of various botnet detection techniques. It also provides the botnet suppression technique in cloud. Keywords: Cloud computing, network security, botnet, botmmaster, botnet detection, botnet suppressio

A Large-Scale Study of Phishing PDF Documents

Phishing PDFs are malicious PDF documents that do not embed malware but trick victims into visiting malicious web pages leading to password theft or drive-by downloads. While recent reports indicate a surge of phishing PDFs, prior works have largely neglected this new threat, positioning phishing PDFs as accessories distributed via email phishing campaigns. This paper challenges this belief and presents the first systematic and comprehensive study centered on phishing PDFs. Starting from a real-world dataset, we first identify 44 phishing PDF campaigns via clustering and characterize them by looking at their volumetric, temporal, and visual features. Among these, we identify three large campaigns covering 89% of the dataset, exhibiting significantly different volumetric and temporal properties compared to classical email phishing, and relying on web UI elements as visual baits. Finally, we look at the distribution vectors and show that phishing PDFs are not only distributed via attachments but also via SEO attacks, placing phishing PDFs outside the email distribution ecosystem. This paper also assesses the usefulness of the VirusTotal scoring system, showing that phishing PDFs are ranked considerably low, creating a blind spot for organizations. While URL blocklists can help to prevent victims from visiting the attack web pages, PDF documents seem not subjected to any form of content-based filtering or detection

Availability of Datasets for Digital Forensics–And What is Missing

This paper targets two main goals. First, we want to provide an overview of available datasets that can be used by researchers and where to find them. Second, we want to stress the importance of sharing datasets to allow researchers to replicate results and improve the state of the art. To answer the first goal, we analyzed 715 peer-reviewed research articles from 2010 to 2015 with focus and relevance to digital forensics to see what datasets are available and focused on three major aspects: (1) the origin of the dataset (e.g., real world vs. synthetic), (2) if datasets were released by researchers and (3) the types of datasets that exist. Additionally, we broadened our results to include the outcome of online search results.We also discuss what we think is missing. Overall, our results show that the majority of datasets are experiment generated (56.4%) followed by real world data (36.7%). On the other hand, 54.4% of the articles use existing datasets while the rest created their own. In the latter case, only 3.8% actually released their datasets. Finally, we conclude that there are many datasets for use out there but finding them can be challenging

Efficiency and Nash Equilibria in a Scrip System for P2P Networks

A model of providing service in a P2P network is analyzed. It is shown that by adding a scrip system, a mechanism that admits a reasonable Nash equilibrium that reduces free riding can be obtained. The effect of varying the total amount of money (scrip) in the system on efficiency (i.e., social welfare) is analyzed, and it is shown that by maintaining the appropriate ratio between the total amount of money and the number of agents, efficiency is maximized. The work has implications for many online systems, not only P2P networks but also a wide variety of online forums for which scrip systems are popular, but formal analyses have been lacking