A Review on IRC Botnet Detection and Defence


Bernhard Waldecker, St. Poelten University of Applied Sciences, Austria, Bachelor programme: IT-Security

1 Introduction

Nowadays botnets pose an enormous security threat to our networked society. Spam e-mails, Distributed Denial-of-Service (DDoS) attacks and identity theft are examples of problems caused by botnets. In its yearly report The IT-Security Situation in Germany in 2007, the German Federal Office for Information Security notes that the sizes of botnets are scaling down, but the number of botnets steadily increases (cf. German Federal Office for Information Security 2007, p 28). One possible reason for this development is that smaller botnets are more difficult to detect and consequently harder to combat. IT security professionals are aware of the problems emerging from botnets, which has led to intensive research effort to develop new approaches to detect and fight botnets.

When it comes to detection approaches, the communication architecture plays an important role. In the current state of research, the architecture of botnets is classified by the communication structure between the Command & Control (C&C) server and the infected systems (cf. Holz 2009, pp 4f.):

- centralized architecture: Internet Relay Chat (IRC)
- centralized architecture: Hypertext Transfer Protocol (HTTP)
- decentralized architecture: Peer-to-Peer (P2P)

The major attention of this paper lies on the centralized architecture Internet Relay Chat. The Internet Relay Chat protocol is standardised through the Internet Engineering Task Force (IETF), for example in the Requests for Comments (RFC) (1) RFC 2810 (Kalt 2000) and (2) RFC 1459 (Oikarinen & Reed 1993). Generally, the IRC protocol offers the possibility to communicate with other people across special IRC channels. The aim of this paper is to introduce the state-of-the-art IRC botnet detection methods, the possibilities to defeat botnets, and how botmasters can infiltrate the diverse detection methods.

Lifecycle of an IRC botnet

Generally, the lifecycle of a botnet (see Figure 1) consists of seven steps. The first step is that the botmaster has to find new possible targets. Then the botmaster tries to infect the system, and after a successful exploitation the system downloads the dedicated botnet binaries from one of the botnet servers (cf. Lu & Ghorbani 2008, p 1). Lu and Ghorbani describe the remaining steps as follows:

"After that, each bot on the botnet will attempt to find the IRC server address by DNS query [...] Next is the communication step between bots and IRC server. In IRC based communication mechanism, a bot first sends a PASS message to the IRC server to start a session and then the server authenticates the bot by checking its password. In many cases, the botmaster also needs to authenticate itself to the IRC server. Upon the completion of these authentications, the command and control channels among botmaster, bots, and IRC server will be established. To start a DDoS attack, the botmaster only needs to send a simple command like '.ddos.start victim_ip' while all bots receive this command and start to attack the victim server" (Lu & Ghorbani 2008, p 1).

Figure 1 Lifecycle of a botnet (Lu & Ghorbani 2008, p 1)

2 A State of the Art Review on Botnet Detection and Defence

This section is dedicated to state-of-the-art techniques to detect and fight botnets. The remainder of this section is structured as follows. The first two subsections introduce different approaches to detect botnets. The approaches to detect IRC botnets can be classified as follows:

- host-based procedures: detection of possible anomalies or modifications of the file system
- network-based procedures: inspection of the network traffic for anomalies or for specific singularities of the IRC protocol which can be a hint for a botnet
- combined procedures: the combination of host-based and network-based methods

Subsequently, the subsection Botnet defence outlines approaches that currently try to fight botnets. The last subsection, Infiltration of the detection methods, outlines the current methods with which botmasters could undercut the different detection methods.

2.1 Botnet detection: Host-based procedures

Host-based procedures try to detect possible anomalies or modifications of the host system. One such host-based method is Antivirus (AV) software. One detection approach of AV software is the use of signatures to detect malicious software, which is a reactive approach. This means that there has to be an entry for each malicious software in the signature database. The signatures are also the weakness of this procedure, because if the botmaster modifies the source code, the signature allocated to this specific bot does not match anymore (cf. Wurzinger et al. 2009, p 1). Another disadvantage of the signature approach is that if there is no signature for a bot, the AV is not able to detect the malicious code.
The conclusion that can be drawn from these weaknesses is that if the size of the botnet is marginal, the probability that the Antivirus companies create a signature that could detect the bot binary is small (cf. German Federal Office for Information Security 2009, p 20). As a result of these weaknesses, another approach in host-based detection was developed: the static or dynamic analysis of unknown software. This means that the unknown software is analysed according to its behaviour. However, for this additional step the analysis software has to be installed on every system, and the analysis creates an overhead, so the system becomes slower (cf. Wurzinger et al. 2009, p 1). Another host-based method is the detection of new, unintentionally modified or deleted files, newly installed software, or modifications in the Microsoft Windows Registry. This method is also used in honeypots to collect and analyse malware binaries (cf. Zhuge et al. 2007, p 4). By analysing the collected malware binaries, it is possible to extract IRC-relevant data such as the IRC username, the IRC channel, DNS names or IP addresses.

2.2 Botnet detection: Network-based procedures

The detection of botnets using network-based procedures is mainly based on checking the network traffic for anomalies or specific singularities of the IRC protocol. The network traffic can be checked during the transfer or can be recorded and analysed at a later date. The diverse methods do not have to inspect every protocol, because there are only two relevant protocols, the Transmission Control Protocol (TCP) and the Internet Relay Chat protocol (IRC) (cf. Strayer et al. 2006, p 3).

Vertical correlation

Vertical correlation means that the network-based detection focuses on individual or single bot infections. The software checks the network traffic against predefined patterns for communication between the infected system and the C&C server or for other relevant activities (cf. Wurzinger et al. 2009, p 1). This procedure has the same disadvantage as the signature-based procedure: without patterns or signatures the botnet traffic cannot be detected.

Horizontal correlation

In contrast to vertical correlation, horizontal correlation tries to detect two or more infected systems in the network. The detection mechanism searches for analogies in the network traffic, for instance the same C&C server (cf. Wurzinger et al. 2009, p 1).
The key problem with this approach is that an individual bot, or bots of different botnets, cannot be detected inside a network, because there is no affinity between at least two bots. Therefore, two different bots are able to remain unnoticed in the network.

Anomaly detection procedures

An anomaly in the network traffic is a variance or a special abnormality in comparison with the common network traffic. One procedure is to check the network traffic for high capacity utilisation, because this utilisation can have three reasons (cf. Binkley & Singh 2006, p 44):

- network scans
- lack of servers
- Peer-to-Peer (P2P) applications

Binkley and Singh (2006) describe in their paper An Algorithm for Anomaly-based Botnet Detection that one infected host which performs a network scan is not an anomaly. However, if many hosts perform a network scan and they are in the same IRC channel, this phenomenon is an abnormality compared to the common network traffic (cf. Binkley & Singh 2006, p 44). Another anomaly detection method is the comparison of sent and received e-mails. If more mails have been sent than received, this indicates a potential spambot infection (cf. Abu Hamed Mohammad Misbah Uddin 2009, p 5). A specific IRC anomaly detection procedure is the measurement of the IRC response time. A human is not able to respond as fast as malicious software (cf. Lu, Tavallaee & Ghorbani 2009, p 74). Consequently, it is possible to compare all the response times. The botmaster tries to contact the infected systems in order to synchronise data or to check if the system is up. The following two figures show this behaviour:

Figure 2 Average byte frequency over 256 ASCIIs for normal IRC flow (Lu, Tavallaee & Ghorbani 2009, p 74)

Figure 3 Average byte frequency over 256 ASCIIs for botnet IRC flow (Lu, Tavallaee & Ghorbani 2009, p 74)

IRC-specific detection procedures

All IRC bots have in common that they have to receive commands from the C&C server or have to send messages, for example for synchronisation, to the C&C server. The standardisation of the IRC protocol (Kalt 2000, Oikarinen & Reed 1993) also regulates the recommended commands that should be used, for instance NICK, JOIN, USER, QUIT or MODE. Above all, the selected nickname has to be unique in the IRC channels. The botmaster solves the problem of unique nicknames with a trick: the nickname consists of two parts, a static and a dynamic part. The static part is commonly the name of the virus or Trojan, or a country code, and the dynamic part is a random number or letter combination (cf. Goebel & Holz 2007, p 5). Therefore, different methods have been developed which try to detect the noticeable IRC traffic automatically. Examples of such applications are Rishi (Goebel & Holz 2007) or the diverse Intrusion Detection/Prevention Systems like Snort (Hanna 2004). Intrusion Detection/Prevention Systems scan the network traffic with the help of predefined samples, and so it is possible to extract the relevant data. Other methods like Rishi scan for IRC data like the nickname, extract the other relevant data like source and destination IP, and save it in a so-called connection object. Afterwards the data is analysed and evaluated. In the following figure the concept of Rishi is presented:

Figure 4 Basic concept of RISHI (Goebel & Holz 2007, p 5)

2.3 Botnet defence

After the explanation of the diverse detection procedures, the question is how botnets could be combatted. The first step is to look at the size of the network, because the defence in a local area network (LAN) differs from that in a wide area network (WAN). In a LAN, the responsible administrators can recover the affected systems from backups, reinstall the operating system, or harden the systems. In a WAN, the defence is different and more complex. Beyond the constraints of a LAN there has to be a well-organized cooperation between the countries, the internet service providers (ISPs) and the companies. One organizational possibility involves the adaptation and accordingly the modification of national and international laws, for instance within the EU (cf. Barroso 2007, p 6). Within the legal constraints, another countermeasure against botnets can be a better cooperation between the different national law enforcement agencies and private companies, for example working for a better dialogue and helping each other to detect, prevent and react to botnet incidents. "Government Computer Emergency Response Teams (CERTs) are a valuable first point of contact, perhaps with ENISA acting as an additional focal point for long-term co-ordination and the sharing of best practice." (Barroso 2007, p 9). Internet service providers can check their network for noticeable traffic and can identify the IP addresses of the C&C servers or of the infected systems. Consequently, the ISP can inform the affected customers to clean their systems, and the C&C server can be taken down or added to a special blacklist. Another organizational method is informing people about the danger of botnets, viruses and so on.
Thereby user awareness improves and people learn about the importance of, for example, security patches, Antivirus software or firewall software. In this way, the problem of possible infections can be decreased, due to the reduction of potential vulnerabilities.
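Before turning to the evasion tactics, the following added example (written for this review; it is not code from the paper, from Rishi or from Snort) puts two of the network-based procedures from section 2.2 into working Python over a constructed IRC capture: a Rishi-style evaluation of nicknames built from a static part and a random dynamic part, and the comparison of response times to an operator command, followed by a horizontal-correlation step that groups flagged clients by shared channel. The capture, the list of static parts and the thresholds are all assumptions made for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed IRC capture: (seconds since capture start, client IP, raw IRC line).
# Lines the server relays into the channel are marked "server". Three clients use a
# generated nickname (country code + separator + random digits), one is a human.
CAPTURE = [
    (0.00, "10.0.0.11", "NICK DEU|48213977"),
    (0.05, "10.0.0.11", "JOIN #c0ntrol"),
    (0.10, "10.0.0.12", "NICK DEU|09134428"),
    (0.15, "10.0.0.12", "JOIN #c0ntrol"),
    (0.20, "10.0.0.13", "NICK AUT-77120345"),
    (0.25, "10.0.0.13", "JOIN #c0ntrol"),
    (1.00, "10.0.0.50", "NICK anna_k"),
    (1.10, "10.0.0.50", "JOIN #c0ntrol"),
    (10.00, "server", ":boss!u@h PRIVMSG #c0ntrol :.status"),
    (10.08, "10.0.0.11", "PRIVMSG #c0ntrol :up 3h idle"),
    (10.11, "10.0.0.12", "PRIVMSG #c0ntrol :up 7h idle"),
    (10.14, "10.0.0.13", "PRIVMSG #c0ntrol :up 1h idle"),
    (18.50, "10.0.0.50", "PRIVMSG #c0ntrol :what is this channel?"),
    (30.00, "server", ":boss!u@h PRIVMSG #c0ntrol :.status"),
    (30.07, "10.0.0.11", "PRIVMSG #c0ntrol :up 3h idle"),
    (30.10, "10.0.0.13", "PRIVMSG #c0ntrol :up 1h idle"),
    (30.12, "10.0.0.12", "PRIVMSG #c0ntrol :up 7h idle"),
    (36.00, "10.0.0.50", "PRIVMSG #c0ntrol :hello?"),
]

KNOWN_STATIC_PARTS = {"DEU", "AUT", "USA", "GBR"}   # constructed list of static parts
NICK_SPLIT = re.compile(r"^([A-Za-z]+)([|\-_\[\]]+)([A-Za-z0-9]+)$")
SERVER_PRIVMSG = re.compile(r"^:\S+ PRIVMSG (#\S+) :")

def score_nick(nick):
    """Rishi-style nickname evaluation: 0 (plain nick) to 3 (clearly generated)."""
    m = NICK_SPLIT.match(nick)
    if not m:
        return 0
    static, _sep, dynamic = m.groups()
    score = 1                                    # static part + separator + dynamic part
    if static.upper() in KNOWN_STATIC_PARTS:
        score += 1                               # known malware name or country code
    digits = sum(ch.isdigit() for ch in dynamic)
    if len(dynamic) >= 4 and digits / len(dynamic) >= 0.7:
        score += 1                               # random-looking numeric suffix
    return score

def parse(capture):
    """Build one connection object per client IP: nickname, channels, response times."""
    conns = {}
    pending = None                               # (time, channel) of the last operator command
    for ts, src, line in capture:
        if src == "server":
            m = SERVER_PRIVMSG.match(line)
            if m:
                pending = (ts, m.group(1))
            continue
        c = conns.setdefault(src, {"nick": None, "channels": set(), "response_times": []})
        cmd, _, args = line.partition(" ")
        if cmd == "NICK":
            c["nick"] = args.strip()
        elif cmd == "JOIN":
            c["channels"].add(args.strip())
        elif cmd == "PRIVMSG" and pending is not None:
            channel = args.split(" ", 1)[0]
            if channel == pending[1] and ts >= pending[0]:
                c["response_times"].append(ts - pending[0])   # delay after the command
    return conns

def evaluate(conns, max_bot_rt=1.0, min_nick_score=3):
    """Flag a client whose nickname looks generated or who answers faster than a human."""
    verdicts = {}
    for ip, c in conns.items():
        rt = statistics.median(c["response_times"]) if c["response_times"] else None
        nick_score = score_nick(c["nick"] or "")
        reasons = []
        if nick_score >= min_nick_score:
            reasons.append(f"generated-looking nick (score {nick_score})")
        if rt is not None and rt < max_bot_rt:
            reasons.append(f"median response time {rt:.2f}s")
        verdicts[ip] = {"nick": c["nick"], "nick_score": nick_score, "median_rt": rt,
                        "reasons": reasons, "suspicious": bool(reasons)}
    return verdicts

def correlate(verdicts, conns):
    """Horizontal correlation: channels shared by two or more suspicious clients."""
    by_channel = defaultdict(set)
    for ip, v in verdicts.items():
        if v["suspicious"]:
            for channel in conns[ip]["channels"]:
                by_channel[channel].add(ip)
    return {ch: ips for ch, ips in by_channel.items() if len(ips) >= 2}

if __name__ == "__main__":
    conns = parse(CAPTURE)
    verdicts = evaluate(conns)
    for ip, v in sorted(verdicts.items()):
        print(ip, v["nick"], "SUSPICIOUS" if v["suspicious"] else "ok", "; ".join(v["reasons"]))
    print("channels shared by suspicious clients:", correlate(verdicts, conns))
```

Every channel message after the latest operator command is counted as a reply to it; a real sensor would also have to attribute replies when several commands overlap, and the thresholds would need tuning against the network's own baseline.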

2.4 Infiltration of the detection methods

In response to the detection procedures, the botmasters developed different methods to infiltrate them and consequently stay unnoticed. The botmasters exploit the weakness of the detection approaches, as no single approach covers all possible detection methods (cf. Stinson & Mitchell 2008, p 6). Stinson and Mitchell (2008) classified the infiltration methods based on the complexity of the implementation and of the modification:

- low: without source code modifications
- medium: source code modifications with the aid of a bot-development kit
- high: marginal source code modifications
- very high: complex source code modification, for instance the modification of the C&C protocol

Tactic 1: Encrypt Traffic; level of difficulty: medium

One tactic of the botmasters is encrypting the traffic, which makes it difficult to decide whether traffic is legitimate or botnet traffic. The implementation is not hard, because the encryption can be activated with a bot-development kit, and there is no limitation of the attacking effectiveness.

Tactic 2: Threshold Attack; level of difficulty: hard

A widely unnoticed method is to modify the time interval of the network packets. Consequently, the attacking effectiveness becomes weaker; however, the network detection approaches have problems detecting the correlation of the slower network packets.

Tactic 3: Perturb Flows; level of difficulty: very hard

This attack is related to the second tactic, because the time interval of the network packets is modified. In addition, the next step is to make sure that the C&C is not online the whole time, which limits the attacking rate, because the infected systems are not able to receive instructions from the C&C the whole time.

Against IRC-specific detection procedures the botmasters developed the approach of changing the standardised IRC commands.
Therefore, the detection procedures are not able to identify noticeable network traffic without additional encodings. Another tactic against these detection procedures is to use regular nicknames instead of a static and a dynamic part. The following figures compare the automatic detection procedures with the infiltration methods:

Figure 5 Description of some botnet characteristics upon which automated detection methods rely (Stinson & Mitchell 2008, p 4)

Figure 6 Automated botnet detection methods (in chronological order) and some characteristics on (Stinson & Mitchell 2008, p 4)

Figure 7 The surveyed methods and an optimal evasive tactic which could be used to defeat each as well (Stinson & Mitchell 2008, p 6)

3 Conclusion

This paper reviews the state of the art of IRC botnet detection and defence approaches. The different detection approaches can be classified into host-based, network-based and combined methods. Host-based detection approaches try to detect anomalies or modifications of the host system. One method is to use signatures for the detection of viruses, Trojans or other malware. Therefore, the signatures have to be up to date, otherwise new malicious software cannot be detected. Another method in host-based detection is to check the file system for anomalies or modifications of the host system. The network-based approaches try to find anomalies or special IRC commands in the network traffic. Network scans or the number of sent e-mails can be a hint for a possible bot infection. In addition, the IRC response time can be measured, because the response time of malicious software is faster than that of a human. There are also some IRC-specific detection methods, which check the network traffic for IRC commands like the nickname or which work with predefined samples. The organisational methods to combat botnets contain the modification or the adaptation of national and international laws, a better cooperation between national law enforcement agencies and private companies, and the strengthening of user awareness. Because of the developed detection approaches, the botmasters developed different tactics to stay unnoticed. These tactics can be, for instance, encryption, the decrease of the time interval of the network packets or the modification of the IRC commands.

List of Figures

Figure 1 Lifecycle of a botnet (Lu & Ghorbani 2008, p 1) ... 2
Figure 2 Average byte frequency over 256 ASCIIs for normal IRC flow (Lu, Tavallaee & Ghorbani 2009, p 74) ... 4
Figure 3 Average byte frequency over 256 ASCIIs for botnet IRC flow (Lu, Tavallaee & Ghorbani 2009, p 74) ... 4
Figure 4 Basic concept of RISHI (Goebel & Holz 2007, p 5) ... 5
Figure 5 Description of some botnet characteristics upon which automated detection methods rely (Stinson & Mitchell 2008, p 4) ... 6
Figure 6 Automated botnet detection methods (in chronological order) and some characteristics on (Stinson & Mitchell 2008, p 4) ... 7
Figure 7 The surveyed methods and an optimal evasive tactic which could be used to defeat each as well (Stinson & Mitchell 2008, p 6) ... 7

References

Abu Hamed Mohammad Misbah Uddin 2009, Detecting Botnets Based on Their Behaviors Perceived from Netflow Data.
Barroso, D 2007, Botnets - The Silent Threat. Available from:
Binkley, JR & Singh, S 2006, 'An Algorithm for Anomaly-based Botnet Detection'. Proceedings of USENIX Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI), pp
German Federal Office for Information Security 2007, The IT-Security Situation in Germany. Available from: f.pdf.
German Federal Office for Information Security 2009, The IT-Security Situation in Germany. Available from: df.pdf.
Goebel, J & Holz, T 2007, 'Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation'. HotBots 07: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, USENIX Association, Berkeley, CA, USA.
Hanna, CW 2004, Using Snort to Detect Rogue IRC Bot Programs.
Holz, T 2009, Tracking and Mitigation of Malicious Remote Control Networks. Dissertation, University of Mannheim.
Kalt, C 2000, Request for Comments (RFC) 2810: Internet Relay Chat - Architecture.
Lu, W & Ghorbani, AA 2008, 'Botnets Detection Based on IRC-Community'. Global Telecommunications Conference 2008, IEEE Computer Society, pp
Lu, W, Tavallaee, M & Ghorbani, AA 2009, 'Automatic Discovery of Botnet Communities on Large-Scale Communication Networks'. ASIACCS 09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ACM, New York, NY, USA, pp
Oikarinen, J & Reed, D 1993, Request for Comments (RFC) 1459: Internet Relay Chat.
Stinson, E & Mitchell, JC 2008, 'Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods'. WOOT 08: Proceedings of the 2nd USENIX Workshop on Offensive Technologies, USENIX Association, Berkeley, CA, USA, pp
Strayer, WT, Walsh, R, Livadas, C & Lapsley, D 2006, 'Detecting Botnets with Tight Command and Control'. Proceedings of the 31st IEEE Conference on Local Computer Networks (LCN), pp
Wurzinger, P, Bilge, L, Holz, T, Goebel, J, Kruegel, C & Kirda, E 2009, Automatically Generating Models for Botnet Detection, TR-iSecLab.
Zhuge, J, Holz, T, Han, X, Guo, J & Zou, W 2007, Characterizing the IRC-based Botnet Phenomenon, Universität Mannheim / Institut für Informatik, Mannheim.


More information

Intruders and viruses. 8: Network Security 8-1

Intruders and viruses. 8: Network Security 8-1 Intruders and viruses 8: Network Security 8-1 Intrusion Detection Systems Firewalls allow traffic only to legitimate hosts and services Traffic to the legitimate hosts/services can have attacks CodeReds

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Host-based Intrusion Prevention System (HIPS)

Host-based Intrusion Prevention System (HIPS) Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively

More information

3rd International Conference on Emerging Trends in Computer and Image Processing (ICETCIP'2013) January 8-9, 2013 Kuala Lumpur (Malaysia)

3rd International Conference on Emerging Trends in Computer and Image Processing (ICETCIP'2013) January 8-9, 2013 Kuala Lumpur (Malaysia) Botnet Technology Rupal B. Jaiswal and Shivraj Bajgude Abstract--Among all media of communications, Internet is most vulnerable to attacks owing to its public nature and virtually without centralized control.

More information

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some

More information

Protecting DNS Query Communication against DDoS Attacks

Protecting DNS Query Communication against DDoS Attacks Protecting DNS Query Communication against DDoS Attacks Ms. R. Madhuranthaki 1, Ms. S. Umarani, M.E., (Ph.D) 2 II M.Tech (IT), IT Department, Maharaja Engineering College, Avinashi, India 1 HOD, IT Department,

More information

Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme

Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme , pp.81-90 http://dx.doi.org/10.14257/ijfgcn.2013.6.6.09 Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme Chunyong Yin 1, 2, Lei Yang 1 and Jin Wang 1 1 School of Computer

More information

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Botnet Detection using NetFlow and Clustering

Botnet Detection using NetFlow and Clustering Botnet Detection using NetFlow and Clustering Pedram Amini1, Reza Azmi2 and MuhammadAmin Araghizadeh3 1 2 3 ICT Department, Malek-Ashtar University of Technology Tehran, Iran amini@mut.ac.ir Department

More information

Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000

Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000 Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1 Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology Project Proposal 1 Project Proposal 2 Abstract Honeypot systems are readily used by organizations large and

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

Denial of Service Attacks, What They are and How to Combat Them

Denial of Service Attacks, What They are and How to Combat Them Denial of Service Attacks, What They are and How to Combat Them John P. Pironti, CISSP Genuity, Inc. Principal Enterprise Solutions Architect Principal Security Consultant Version 1.0 November 12, 2001

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

UNMASKCONTENT: THE CASE STUDY

UNMASKCONTENT: THE CASE STUDY DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...

More information

BotNets- Cyber Torrirism

BotNets- Cyber Torrirism BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

WEB ATTACKS AND COUNTERMEASURES

WEB ATTACKS AND COUNTERMEASURES WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Radware s Behavioral Server Cracking Protection

Radware s Behavioral Server Cracking Protection Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information

More information

DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS

DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS GONG JIAN 2 jgong@njnet.edu.cn Jiangsu Key Laboratory of Computer Networking Technology, China, Nanjing, Southeast University AHMAD JAKALAN

More information

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society

More information

THE IMPORTANCE OF CODE SIGNING TECHNICAL NOTE 02/2005

THE IMPORTANCE OF CODE SIGNING TECHNICAL NOTE 02/2005 THE IMPORTANCE OF CODE SIGNING TECHNICAL NOTE 02/2005 13 DECEMBER 2005 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation

More information

PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY FACT: WORKSTATIONS AND SERVERS ARE STILL AT RISK CONVENTIONAL TOOLS NO LONGER MEASURE

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Application Security Backgrounder

Application Security Backgrounder Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International

More information

About Botnet, and the influence that Botnet gives to broadband ISP

About Botnet, and the influence that Botnet gives to broadband ISP About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology

More information

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 INTRODUCTION N4Secure is a Threat Intelligence managed service. By monitoring network traffic, server traffic, scanning for internal

More information

Seminar Computer Security

Seminar Computer Security Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

More information

HoneyBOT User Guide A Windows based honeypot solution

HoneyBOT User Guide A Windows based honeypot solution HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3

More information

Botnet Command Detection using Virtual Honeynet

Botnet Command Detection using Virtual Honeynet Botnet Command Detection using Virtual Honeynet J.S.Bhatia #1, R.K.Sehgal *2, Sanjeev Kumar #3 # Cyber Security Technology Division, CDAC Mohali, INDIA 160071 #1 jsb@cdacmohali.in *2 rks@cdacmohali.in

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Revealing Botnets Using Network Traffic Statistics

Revealing Botnets Using Network Traffic Statistics Revealing Botnets Using Network Traffic Statistics P. Čeleda, R. Krejčí, V. Krmíček {celeda vojtec}@ics.muni.cz, radek.krejci@mail.muni.cz Security and Protection of Information 2011, 10-12 May 2011, Brno,

More information

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior

More information

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose

More information

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Why a Network-based Security Solution is Better than Using Point Solutions Architectures Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone

More information

Detection of Botnets Using Honeypots and P2P Botnets

Detection of Botnets Using Honeypots and P2P Botnets Detection of Botnets Using Honeypots and P2P Botnets Rajab Challoo Dept. of Electrical Engineering & Computer Science Texas A&M University Kingsville Kingsville, 78363-8202, USA Raghavendra Kotapalli Dept.

More information

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus COMP-530 Cryptographic Systems Security *Requires Programming Background University of Nicosia, Cyprus Course Code Course Title ECTS Credits COMP-530 Cryptographic Systems 10 Security Department Semester

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering

More information

Cisco RSA Announcement Update

Cisco RSA Announcement Update Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of

More information

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest

More information

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic

More information

Fundamentals of Network Security - Theory and Practice-

Fundamentals of Network Security - Theory and Practice- Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring

More information

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation Jan Goebel Center for Computing and Communication RWTH Aachen University, Germany goebel@rz.rwth-aachen.de Thorsten Holz Laboratory for

More information

Inspecting DNS Flow Traffic for Purposes of Botnet Detection

Inspecting DNS Flow Traffic for Purposes of Botnet Detection Inspecting DNS Flow Traffic for Purposes of Botnet Detection Vojtěch Krmíček, GEANT3 JRA2 T4 Internal Deliverable 2011 Abstract The goal of this report is to examine DNS IP flow traffic and its relation

More information

Network Based Intrusion Detection Using Honey pot Deception

Network Based Intrusion Detection Using Honey pot Deception Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.

More information

LASTLINE WHITEPAPER. Dealing with Evasion in Malware Analysis by Analyzing Multiple Execution Paths

LASTLINE WHITEPAPER. Dealing with Evasion in Malware Analysis by Analyzing Multiple Execution Paths LASTLINE WHITEPAPER Dealing with Evasion in Malware Analysis by Analyzing Multiple Execution Paths Abstract Malicious code (or malware) is defined as software that fulfills the deliberately harmful intent

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information