Detecting Algorithmically Generated Malicious Domain Names
Size: px
Start display at page:

Download "Detecting Algorithmically Generated Malicious Domain Names"

Transcription

1 Detecting Algorithmically Generated Malicious Domain Names Sandeep Yadav, Texas A&M University IT Security for the Next Generation American Cup, New York 9-11 November, 2011

2 Introduction Botnets, a network of bots (compromised hosts) under a Command & Control server, responsible for: Spamming Phishing DDoS Recent (in-)famous botnets: PAGE 2

3 Modus Operandi bota C&C Location #1 botb C&C Location #2 botc C&C Location #3 Location #1 Location #2 Location #3 Domain fakjdfhak.botnet.com xxcvsdf.botnet.com lkdsjlllh.botnet.com IP A1.B1.C1.D1 A2.B2.C2.D2 A3.B3.C3.D3 PAGE 3

4 Objective fakjdfhak.botnet.com lkdsjlllh.botnet.com xxcvsdf.botnet.com Goal Detect domain-fluxing botnets by exploiting the randomness in domain names. PAGE 4

5 Groups for Analysis Per-domain fakjdfhak.botnet.com lkdsjlllh.botnet.com xxcvsdf.botnet.com Botnet.com Per-IP kdjfhk.org weiyrilskjd.com hlkhdfds.info IP: Per-component Domain1 Domain2 IP1 IP2 The whole component PAGE 5

6 Metrics for analysis Kullback- Leibler divergence Jaccard Index Edit Distance PAGE 6

7 Metrics for analysis (Kullback-Leibler Divergence) A measure of similarity between two probability distributions. PAGE 7

8 Metrics for analysis (Jaccard Index) Evaluates similarity with a benign database of bigrams E.g. xjisov.botnet.com Break into bigrams xj ji is so ov Compute the fraction of bigrams present in the benign database Benign groups will have a higher value of this metric. PAGE 8

9 Metrics for analysis (Edit Distance) The number of character modifications (addition, deletion, or substitution) required to convert one string to other. E.g. When converting dog to cat, the edit distance is three. Intuitively, the edit distance for two randomized (possibly malicious) domains is higher. For instance: ns1.google.com -> ns2.google.com (Benign) sljslasdkja.com -> rjhbgjhr.org (Malicious) [low ED] [high ED] No reference database or distribution required. PAGE 9

10 Results Evaluation data set Tier-1 ISP dataset containing host of malicious domains (including Conficker). Benign data set DNS-PTR dataset containing PTR records for addresses in the IPv4 space. Malicious data set Domains for Storm, Kraken, Pushdo, etc., obtained from Botlab. PAGE 10

11 Results Per-domain analysis K-L divergence Jaccard Index Similarly, edit distance also performs reasonably well: With 500 test words, TPR: 100% for 8% FPR. PAGE 11

12 Results Per-component analysis Applied a supervised learning approach. Used L1-Regularization algorithm for classification. Used three features: K-L divergence for unigrams, Jaccard index, Edit distance Training based on one malicious (Conficker) component and remaining benign components. PAGE 12

13 Results Per-component analysis Outcome: Detected Conficker. Discovered the presence of Helldark botnet. Discovered a new botnet, we call, Mjuyh. 57-character long fourth level domain composed of random characters. One domain maps to 10 IP addresses. PAGE 13

14 Take Away Domain-fluxing botnets utilize high-entropy domain names. We deploy metrics such as Kullback- Leibler divergence, Jaccard index, and Edit distance for detecting such botnets. In addition to detecting known botnets, we discover new botnets. PAGE 14

15 Thank You Sandeep Yadav, Texas A&M University IT Security for the Next Generation American Cup, New York 9-11 November, 2011

Similar documents

RECENT botnets such as Conficker, Kraken and Torpig have

RECENT botnets such as Conficker, Kraken and Torpig have YADAV ET AL. : DETECTING ALGORITHMICALLY GENERATED DOMAIN-FLUX ATTACKS WITH DNS TRAFFIC ANALYSIS Detecting Algorithmically Generated Domain-Flux Attacks with DNS Traffic Analysis Sandeep Yadav, Student

More information

Detecting Algorithimically Generated Malicious Domain Names

Detecting Algorithimically Generated Malicious Domain Names Detecting Algorithimically Generated Malicious Domain Names Sandeep Yadav, Ashwath K.K. Reddy, and A.L. Narasimha Reddy Department of Electrical and Computer Engineering Texas A&M University College Station,

More information

Detecting Algorithmically Generated Malicious Domain Names

Detecting Algorithmically Generated Malicious Domain Names Detecting Algorithmically Generated Malicious Domain Names Sandeep Yadav, Ashwath K.K. Reddy, and A.L. Narasimha Reddy Department of Electrical and Computer Engineering Texas A&M University College Station,

More information

Winning with DNS Failures: Strategies for Faster Botnet Detection

Winning with DNS Failures: Strategies for Faster Botnet Detection Winning with DNS Failures: Strategies for Faster Botnet Detection Sandeep Yadav and A.L. Narasimha Reddy Department of Electrical and Computer Engineering, Texas A&M University sandeepy@tamu.edu,reddy@ece.tamu.edu

More information

SCALABLE TECHNIQUES FOR ANOMALY DETECTION. A Dissertation SANDEEP YADAV

SCALABLE TECHNIQUES FOR ANOMALY DETECTION. A Dissertation SANDEEP YADAV SCALABLE TECHNIQUES FOR ANOMALY DETECTION A Dissertation by SANDEEP YADAV Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements for the degree of

More information

Security Incidents And Trends In Croatia. Domagoj Klasić dklasic@cert.hr

Security Incidents And Trends In Croatia. Domagoj Klasić dklasic@cert.hr Security Incidents And Trends In Croatia Domagoj Klasić dklasic@cert.hr Croatian National CERT About us Founded in 2008. in accordance with the Information Security Act We are a department of the Croatian

More information

CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION

CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION MATIJA STEVANOVIC PhD Student JENS MYRUP PEDERSEN Associate Professor Department of Electronic Systems Aalborg University,

More information

Detection of Fast-Flux Networks Using Various DNS Feature Sets

Detection of Fast-Flux Networks Using Various DNS Feature Sets Detection of Fast-Flux Networks Using Various DNS Feature Sets Z Berkay Celik and Serna Oktug Department of Computer Engineering Istanbul Technical University Maslak, Istanbul, Turkey 34469 { zbcelik,oktug}@ituedutr

More information

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology

More information

EVILSEED: A Guided Approach to Finding Malicious Web Pages

EVILSEED: A Guided Approach to Finding Malicious Web Pages + EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

Security Solutions for the New Threads

Security Solutions for the New Threads Security Solutions for the New Threads We see things others can t Pablo Grande Sales Director, SOLA pgrande@arbor.net What a CISO Is Looking For Show Progress on Response Time Measurably improve our incident

More information

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =

More information

Security Intelligence Blacklisting

Security Intelligence Blacklisting The following topics provide an overview of Security Intelligence, including use for blacklisting and whitelisting traffic and basic configuration. Security Intelligence Basics, page 1 Security Intelligence

More information

Cyber Security and Critical Information Infrastructure

Cyber Security and Critical Information Infrastructure Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes

More information

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Journal homepage: www.mjret.in DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Maharudra V. Phalke, Atul D. Khude,Ganesh T. Bodkhe, Sudam A. Chole Information Technology, PVPIT Bhavdhan Pune,India maharudra90@gmail.com,

More information

Adventures in Cybercrime. Piotr Kijewski CERT Polska/NASK

Adventures in Cybercrime. Piotr Kijewski CERT Polska/NASK Adventures in Cybercrime Piotr Kijewski CERT Polska/NASK Would you like a Porsche? Porsche Cayenne S Turbo: 149 000 USD Or maybe a different type? Porsche 911 Turbo: 149 000 USD The car is there Porsche

More information

SPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS

SPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS SPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS INTRODUCTION BOTNETS IN SPAMMING WHAT IS AUTORE? FACING CHALLENGES? WE CAN SOLVE THEM METHODS TO DEAL WITH THAT CHALLENGES Extract URL string, source server

More information

AT&T Real-Time Network Security Overview

AT&T Real-Time Network Security Overview AT&T Real-Time Network Security Overview Dan Solero Director of Security Technology, AT&T Know Your Enemy: Security Threats Extend Beyond Viruses & Worms Distributed Denial of Service Spam for Hire Social

More information

Beyond Aurora s Veil: A Vulnerable Tale

Beyond Aurora s Veil: A Vulnerable Tale Beyond Aurora s Veil: A Vulnerable Tale Derek Manky Cyber Security & Threat Research FortiGuard Labs October 26th, 2010: SecTor 2010 Toronto, CA Conficker: April Doomsday.. Meanwhile JBIG2 Zero Day PDF/SWF

More information

Shellshock. Oz Elisyan & Maxim Zavodchik

Shellshock. Oz Elisyan & Maxim Zavodchik Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable

More information

C&C Botnet Detection over SSL

C&C Botnet Detection over SSL C&C Botnet Detection over SSL Riccardo Bortolameotti University of Twente - EIT ICT Labs masterschool r.bortolameotti@student.utwente.nl Dedicated to my parents Remo and Chiara, and to my sister Anna 2

More information

Korea s experience of massive DDoS attacks from Botnet

Korea s experience of massive DDoS attacks from Botnet Korea s experience of massive DDoS attacks from Botnet April 12, 2011 Heung Youl YOUM Ph.D. SoonChunHyang University, Korea President, KIISC, Korea Vice-chairman, ITU-T SG 17 1 Table of Contents Overview

More information

Tracking and Characterizing Botnets Using Automatically Generated Domains

Tracking and Characterizing Botnets Using Automatically Generated Domains Tracking and Characterizing Botnets Using Automatically Generated Domains Hack In The Box October 17th, 2013 Politecnico di Milano, Italy @raistolo, stefano.zanero@polimi.it Federico Maggi, Politecnico

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

The Growing Problem of Outbound Spam

The Growing Problem of Outbound Spam y The Growing Problem of Outbound Spam An Osterman Research Survey Report Published June 2010 SPONSORED BY! #$!#%&'()*(!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058

More information

Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries

Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries Kazumichi Sato, Keisuke Ishibashi, Tsuyoshi Toyono, and Nobuhisa Miyake 2010 NTT Information Sharing Platform Laboratories

More information

A TASTE OF HTTP BOTNETS

A TASTE OF HTTP BOTNETS Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with

More information

Security Business Review

Security Business Review Security Business Review Security Business Review Q4: 2014 2 By Bitdefender Labs Security Business Review Botnet Anonymization Raises New Security Concerns Executive Overview While botnets, which are large

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

Detection and Controlling of DDoS Attacks by a Collaborative Protection Network

Detection and Controlling of DDoS Attacks by a Collaborative Protection Network Detection and Controlling of DDoS Attacks by a Collaborative Protection Network Anu Johnson 1, Bhuvaneswari.P 2 PG Scholar, Dept. of C.S.E, Anna University, Hindusthan Institute of Technology, Coimbatore,

More information

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version 8.1.0 and earlier

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version 8.1.0 and earlier Application Note TrustedSource in McAfee Firewall Enterprise McAfee version 8.1.0 and earlier Firewall Enterprise This document uses a question and answer format to explain the TrustedSource reputation

More information

BOTNET Detection Approach by DNS Behavior and Clustering Analysis

BOTNET Detection Approach by DNS Behavior and Clustering Analysis BOTNET Detection Approach by DNS Behavior and Clustering Analysis Vartika Srivastava, Ashish Sharma Dept of Computer science and Information security, JIIT Noida, India Abstract -Botnets are one of the

More information

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04. Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical

More information

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way

More information

Zero-Day Attack Finding Advanced Threats in ALL of Your Data. C F Chui, Arbor Networks

Zero-Day Attack Finding Advanced Threats in ALL of Your Data. C F Chui, Arbor Networks Zero-Day Attack Finding Advanced Threats in ALL of Your Data C F Chui, Arbor Networks Arbor Networks Overview 90% Percentage of world s Tier 1 service providers who are Arbor customers 107 Number of countries

More information

How to Use the Greymail Spam Filter

How to Use the Greymail Spam Filter How to Use the Greymail Spam Filter This guide will show you the basics of how to view messages flagged as spam, and how to recover them, if improperly flagged. For a full overview of the New Greymail

More information

Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic "" " Matt Thomas" Data Architect, Verisign Labs"

Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic Matt Thomas Data Architect, Verisign Labs Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic "" " Matt Thomas" Data Architect, Verisign Labs" About the Author"! Matthew Thomas! Data Architect" Verisign Labs"! Aziz Mohaisen!

More information

Report. Takeover of Virut domains

Report. Takeover of Virut domains Report Takeover of Virut domains February 25, CONTENTS Contents 1 Executive summary 2 2 Introduction 2 2.1 What is Virut?................................ 2 2.2 Takeover of Virut domains..........................

More information

Index Terms: DDOS, Flash Crowds, Flow Correlation Coefficient, Packet Arrival Patterns, Information Distance, Probability Metrics.

Index Terms: DDOS, Flash Crowds, Flow Correlation Coefficient, Packet Arrival Patterns, Information Distance, Probability Metrics. Volume 3, Issue 6, June 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Techniques to Differentiate

More information

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious

More information

TAKING DOWN THE WORLD S LARGEST BOTNETS

TAKING DOWN THE WORLD S LARGEST BOTNETS TAKING DOWN THE WORLD S LARGEST BOTNETS Ali Mesdaq FireEye, Inc. Session ID: CLE W03 Session Classification: Advanced Credit Atif Mushtaq > Ali Mesdaq Real FireEye veteran Specialized in Botnets and CnC

More information

A Critical Investigation of Botnet

A Critical Investigation of Botnet Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior

More information

SoSe 2014: M-TANI: Big Data Analytics

SoSe 2014: M-TANI: Big Data Analytics SoSe 2014: M-TANI: Big Data Analytics Lecture 4 21/05/2014 Sead Izberovic Dr. Nikolaos Korfiatis Agenda Recap from the previous session Clustering Introduction Distance mesures Hierarchical Clustering

More information

An Efficient Methodology for Detecting Spam Using Spot System

An Efficient Methodology for Detecting Spam Using Spot System Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 1, January 2014,

More information

Finding Domain-Generation Algorithms by Looking at Length Distributions

Finding Domain-Generation Algorithms by Looking at Length Distributions Finding Domain-Generation Algorithms by Looking at Length Distributions Miranda Mowbray Security and Cloud Lab, HP Labs HP Bristol, UK miranda.mowbray @ hp.com Josiah Hagen Tipping Point, HP Software HP

More information

Security Awareness For Website Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Security Awareness For Website Administrators. State of Illinois Central Management Services Security and Compliance Solutions Security Awareness For Website Administrators State of Illinois Central Management Services Security and Compliance Solutions Common Myths Myths I m a small target My data is not important enough We ve

More information

Removing Web Spam Links from Search Engine Results

Removing Web Spam Links from Search Engine Results Removing Web Spam Links from Search Engine Results Manuel EGELE pizzaman@iseclab.org, 1 Overview Search Engine Optimization and definition of web spam Motivation Approach Inferring importance of features

More information

Daryl Ashley Senior Network Security Analyst University of Texas at Austin - Information Security Office ashley@infosec.utexas.edu January 12, 2011

Daryl Ashley Senior Network Security Analyst University of Texas at Austin - Information Security Office ashley@infosec.utexas.edu January 12, 2011 AN ALGORITHM FOR HTTP BOT DETECTION Daryl Ashley Senior Network Security Analyst University of Texas at Austin - Information Security Office ashley@infosec.utexas.edu January 12, 2011 Introduction In the

More information

Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme

Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme Chunyong Yin 1,2, Yang Lei 1, Jin Wang 1 1 School of Computer & Software, Nanjing University of Information Science &Technology,

More information

WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA

WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA Email {wei.xu, ksanders, yzhang}@ paloaltonetworks.com ABSTRACT Malicious domains

More information

Big Data for Security: Challenges, Opportunities, and Experiments

Big Data for Security: Challenges, Opportunities, and Experiments Big ata for Security: Challenges, Opportunities, and Experiments Prat yusa K. Manadhat a HP Labs Joint work with Stuart Haber, William Horne, Prasad Rao, and Sandeep Yadav Big at a is everywhere 2 Enterprises

More information

Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000

Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000 Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000

More information

ENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park

ENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park 21. Botnets ENEE 757 CMSC 818V Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park http://ter.ps/757 https://www.facebook.com/sdsatumd Today s Lecture Where we ve been AuthenDcaDon

More information

We Know It Before You Do: Predicting Malicious Domains

We Know It Before You Do: Predicting Malicious Domains We Know It Before You Do: Predicting Malicious Domains Abstract Malicious domains play an important role in many attack schemes. From distributing malware to hosting command and control (C&C) servers and

More information

Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals

Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer Facts 2 3 WOULD YOU OPEN THIS ATTACHMENT? 4 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS 5 Check Point Multi-Layered

More information

Next-Generation DNS Monitoring Tools

Next-Generation DNS Monitoring Tools Next-Generation DNS Monitoring Tools Cyber Security Division 2012 Principal Investigators Meeting October 9, 2012 Wenke Lee and David Dagon Georgia Institute of Technology wenke@cc.gatech.edu 404-808-5172

More information

Protecting DNS Query Communication against DDoS Attacks

Protecting DNS Query Communication against DDoS Attacks Protecting DNS Query Communication against DDoS Attacks Ms. R. Madhuranthaki 1, Ms. S. Umarani, M.E., (Ph.D) 2 II M.Tech (IT), IT Department, Maharaja Engineering College, Avinashi, India 1 HOD, IT Department,

More information

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...

More information

Detecting P2P-Controlled Bots on the Host

Detecting P2P-Controlled Bots on the Host Detecting P2P-Controlled Bots on the Host Antti Nummipuro Helsinki University of Technology anummipu # cc.hut.fi Abstract Storm Worm is a trojan that uses a Peer-to-Peer (P2P) protocol as a command and

More information

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Protect your network: planning for (DDoS), Distributed Denial of Service attacks Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product

More information

Next Generation IPS and Reputation Services

Next Generation IPS and Reputation Services Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become

More information

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains TECHNICAL REPORT An Analysis of Domain Silver, Inc..pl Domains July 31, 2013 CONTENTS Contents 1 Introduction 2 2 Registry, registrar and registrant 3 2.1 Rogue registrar..................................

More information

Anti-Malware Technologies

Anti-Malware Technologies : Trend of Network Security Technologies Anti-Malware Technologies Mitsutaka Itoh, Takeo Hariu, Naoto Tanimoto, Makoto Iwamura, Takeshi Yagi, Yuhei Kawakoya, Kazufumi Aoki, Mitsuaki Akiyama, and Shinta

More information

Modular Network Security. Tyler Carter, McAfee Network Security

Modular Network Security. Tyler Carter, McAfee Network Security Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution

More information

Networks and Security Lab. Network Forensics

Networks and Security Lab. Network Forensics Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite

More information

Implementation of Botcatch for Identifying Bot Infected Hosts

Implementation of Botcatch for Identifying Bot Infected Hosts Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus

More information

Email. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Email. Daniel Zappala. CS 460 Computer Networking Brigham Young University Email Daniel Zappala CS 460 Computer Networking Brigham Young University How Email Works 3/25 Major Components user agents POP, IMAP, or HTTP to exchange mail mail transfer agents (MTAs) mailbox to hold

More information

Threat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com

Threat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com Threat Intelligence Group UPDATE UPDATE: SOHO Pharming A Team Cymru EIS Report Powered Page by T1eam Threat Intelligence Group of 5 C ymru s This is an update on the SOHO Pharming case we published a little

More information

Zscaler Internet Security Frequently Asked Questions

Zscaler Internet Security Frequently Asked Questions Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices

More information

Network Anomaly Detection through Traffic Measurement

Network Anomaly Detection through Traffic Measurement Network Anomaly Detection through Traffic Measurement Yuming Jiang, Zhihua Jin, Atef Abdelkefi, Magnus Ask, Helge Skrautvol Abstract With the growth of the Internet, an increase in network anomalies is

More information

Big Data and Cyber Security A bibliometric study Jacky Akoka, Isabelle Comyn-Wattiau, Nabil Laoufi Workshop SCBC - 2015 (ER 2015) 1 Big Data a new generation of technologies and architectures, designed

More information

Information Security and Risk Management

Information Security and Risk Management Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management

More information

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration

More information

Bronco Ltd does not allow any of the following content to be stored on its servers:

Bronco Ltd does not allow any of the following content to be stored on its servers: 1. Terms of Service Bronco Ltd reserves the right to suspend or cancel the hosting account and access to all of the services provided by Bronco Ltd, if it is deemed that the account has been used inappropriately.

More information

Cyber Attack Trend and Botnet

Cyber Attack Trend and Botnet Cyber Attack Trend and Botnet S.C. Leung CISSP CISA CBCP Agenda Botnet and Cyber Attack Trends Botnet Attack Trends Commercialization of Cyber Crime Professionalization of Cyber Crimeware Social Engineering

More information

DDoS Attacks Can Take Down Your Online Services

DDoS Attacks Can Take Down Your Online Services DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill

More information

FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY

FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY 23 September 2009 1 06-02-200906.02.2009 Ram Narain Email: ramnarain@hotmail.com 7 Tier Approach to Network & Cyber Security 5 levels of Security Tier 1

More information

About Botnet, and the influence that Botnet gives to broadband ISP

About Botnet, and the influence that Botnet gives to broadband ISP About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology

More information

Internet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology

Internet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology Internet Monitoring via DNS Traffic Analysis Wenke Lee Georgia Institute of Technology 0 Malware Networks (Botnets) 1 From General-Purpose to Targeted Attacks 11/14/12 2 Command and Control l Botnet design:

More information

BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection

BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection ABSTRACT Florian Tegeler University of Göttingen tegeler@cs.unigoettingen.de Giovanni Vigna UC Santa Barbara vígna@cs.ucsb.edu

More information

7.7 DDoS : Unknown Secrets and Botnet Counter-Attack. www.issuemakerslab.com sionics & kaientt

7.7 DDoS : Unknown Secrets and Botnet Counter-Attack. www.issuemakerslab.com sionics & kaientt 7.7 DDoS : Unknown Secrets and Botnet Counter-Attack sionics & kaientt Contents Overview Botnet Structure 7.7 DDoS Bot Malware Analysis Botnet Counter-Attack Demo Overview 7.7 DDoS Attack Cyber attack

More information

Using big data analytics to identify malicious content: a case study on spam emails

Using big data analytics to identify malicious content: a case study on spam emails Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime

More information

Index Terms Denial-of-Service Attack, Intrusion Prevention System, Internet Service Provider. Fig.1.Single IPS System

Index Terms Denial-of-Service Attack, Intrusion Prevention System, Internet Service Provider. Fig.1.Single IPS System Detection of DDoS Attack Using Virtual Security N.Hanusuyakrish, D.Kapil, P.Manimekala, M.Prakash Abstract Distributed Denial-of-Service attack (DDoS attack) is a machine which makes the network resource

More information

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW Jürgen Seitz Systems Engineering Manager Evolution of Network Security Next-Gen Firewall Application Visibility and Control User-based

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

Preetham Mohan Pawar (1000919136)

Preetham Mohan Pawar (1000919136) Charles Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, Wenke Lee Presented By:- Preetham Mohan Pawar (1000919136) University of Texas, Arlington CSE Introduction. Basic concepts.( DNS ) Mobile

More information

Towards Proactive SPAM Filtering

Towards Proactive SPAM Filtering Towards Proactive SPAM Filtering DIMVA 2009 Laboratory for Dependable Distributed Systems Survey Motivation Sandnet Setup Template Creation Preliminary Results Summary & Future Work Motivation SPAM is

More information

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering

More information

.tirol Anti-Abuse Policy

.tirol Anti-Abuse Policy Translation from German.tirol Anti-Abuse Policy This policy is based on Austrian legislation. In case of doubt the German version of this policy is in force. Page 1 Contents 1. Management Summary... 3

More information

How To Filter Email From A Spam Filter

How To Filter Email From A Spam Filter Spam Filtering A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER 2 Introduction Spam filtering is a catch- all term that describes the steps that happen to an email between a sender and a receiver

More information

Detecting Botnets with NetFlow

Detecting Botnets with NetFlow Detecting Botnets with NetFlow V. Krmíček, T. Plesník {vojtec plesnik}@ics.muni.cz FloCon 2011, January 12, Salt Lake City, Utah Presentation Outline NetFlow Monitoring at MU Chuck Norris Botnet in a Nutshell

More information

Access Control Rules: URL Filtering

Access Control Rules: URL Filtering The following topics describe how to configure URL filtering for your Firepower System: URL Filtering and Access Control, page 1 Reputation-Based URL Filtering, page 2 Manual URL Filtering, page 5 Limitations

More information

Symantec enterprise security. Symantec Internet Security Threat Report April 2009. An important note about these statistics.

Symantec enterprise security. Symantec Internet Security Threat Report April 2009. An important note about these statistics. Symantec enterprise security Symantec Internet Security Threat Report April 00 Regional Data Sheet Latin America An important note about these statistics The statistics discussed in this document are based

More information

Detecting Bots with Automatically Generated Network Signatures

Detecting Bots with Automatically Generated Network Signatures Detecting Bots with Automatically Generated Network Signatures Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda,, {pw,tho}@seclab.tuwien.ac.at Institute Eurecom,

More information

BotNets- Cyber Torrirism

BotNets- Cyber Torrirism BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation

More information

Detecting Constant Low-Frequency Appilication Layer Ddos Attacks Using Collaborative Algorithms B. Aravind, (M.Tech) CSE Dept, CMRTC, Hyderabad

Detecting Constant Low-Frequency Appilication Layer Ddos Attacks Using Collaborative Algorithms B. Aravind, (M.Tech) CSE Dept, CMRTC, Hyderabad Detecting Constant Low-Frequency Appilication Layer Ddos Attacks Using Collaborative Algorithms B. Aravind, (M.Tech) CSE Dept, CMRTC, Hyderabad M. Lakshmi Narayana, M.Tech CSE Dept, CMRTC, Hyderabad Abstract:

More information

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers

More information

That Ain t You: Blocking Spearphishing Through Behavioral Modelling

That Ain t You: Blocking Spearphishing Through Behavioral Modelling That Ain t You: Blocking Spearphishing Through Behavioral Modelling Gianluca Stringhini and Olivier Thonnard University College London, Amadeus g.stringhini@ucl.ac.uk, olivier.thonnard@amadeus.com Abstract.

More information
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information