Abstract: Remotely controlled and managed malicious software (called botnets or 'bot armies'), directed by a botmaster or botherder and hidden in a large number of computers, may cause extraordinary damage to the Internet. Botnets can initiate massive coordinated attacks upon Internet resources and infrastructure devices. The most likely uses of botnets are distributed denial of service (DDoS) attacks, spamming, sniffing traffic, keylogging, installing advertisement add-ons and Google AdSense abuse, attacking Internet Relay Chat (IRC) networks, attacking peer-to-peer (P2P) networks and Hypertext Transfer Protocol (HTTP) networks, mass identity theft, etc. This research is intended to review and analyze all aspects of the well-known botnet families: IRC, P2P, HTTP and a miscellaneous category. The study focuses on botnet measurement techniques, botnet behaviour, DDoS technology, botnet modeling, the complexity of botnet software, setting up an IRC honeypot on a network, and the different botnet mitigation techniques and defensive approaches against botnets. Bots mostly go unnoticed unless the botmaster makes a mistake. Presently, wide-ranging, efficient defensive technologies are lacking. As botmasters continue to improve their capabilities, awareness will be essential in enhancing bot defenses.
The goal of this research is to review all salient research work done in this domain and present a critical review, so that an efficient mitigation and defensive framework against botnets can be proposed.
Keywords: botnet; IRC botnets; HTTP botnets; P2P botnets; miscellaneous botnets; botmaster; detection; mitigation; defensive framework; threat.
I. INTRODUCTION
Botnet software is usually installed through all type of attacki...
Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks have been around for many years, but only in the past few years have the frequency and magnitude of these attacks increased. They are a significant problem because they can cut an organization off from the Internet for extended periods of time, and little can be done to stop them. DoS attacks occur when computer resources become unavailable to legitimate users after being exhausted by false requests for information (Houle and Weaver 1).
In today's fast-paced world of technology, many of us leave ourselves vulnerable to becoming victims of cybercrime. With people using the Internet for everything from paying bills and personal banking to online shopping, their financial and personal information is available to a hacker at the stroke of a key. Often someone is unaware that they have been attacked and had their information stolen. Use of the Internet has grown enormously throughout the world. Nelson Online reported that as of December 31, 2014, there were 360,985,492 users of the Internet throughout the world (2015). With so many users in so many countries accessing the Internet, prosecuting cybercrimes is nearly impossible.
The Aim Higher College's system administrators and network engineers have described seeing some strange behaviors, such as high levels of traffic from many hosts that are causing system outages. The web servers of the college have been shutting down frequently because of this traffic; it must be from a hacker group trying to attack the school with malicious software. I will review the network traffic from the college's intrusion detection system and use an intrusion prevention system to block these threats from the hackers.
TOR (Roger Dingledine) is a circuit-based, low-latency anonymous communication service. TOR is now in its second generation and was developed from the Onion Routing program. The routing system can run on several operating systems and protects the anonymity of the user. The latest TOR version supports perfect forward secrecy, congestion control, directory servers, integrity checking and configurable exit policies. Tor is essentially a distributed overlay network which works at the application layer on top of TCP. It anonymizes all TCP-based applications, such as web browsing, SSH and instant messaging. Using TOR can protect against a common form of Internet surveillance known as "traffic analysis" (Electronic Frontier Foundation). Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. An IP packet has a header and a dat...
In a Denial of Service (DoS) attack, the attacker does not actually access the system, but rather simply blocks access for legitimate users. In the words of the CERT (Computer Emergency Response Team) Coordination Center (the first computer security incident response team), "A 'Denial-of-Service' attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service" (CERT, 2003). One often-used blocking method is flooding the targeted system with so many false connection requests that it cannot respond to legitimate requests. DoS is an extremely common attack method, second only to malware (Easttom, 2014).
Every year, cybercrime costs businesses $400 billion, and by 2019 cybercrime will have cost the global economy 2.1 trillion dollars (Morgan 1). But economic loss isn't the only problem caused by weak cybersecurity; weak cybersecurity measures could allow hackers to collect data on citizens, cause widespread death, and destroy entire nations. Despite the massive threat the problem poses, no one has yet instituted an effective solution. Although government regulation and website blocking attempt to eliminate cybercrime and cyberwarfare, an ideal solution exists in government guidance and collaboration with the private sector.
White-collar crime, specifically computer crime, is becoming more common as computers become more readily available. Crimes using computers and crimes against computers are usually committed without fear of being caught, due to the detachment of the offender from the victim.
Harmful uses of a sniffer include capturing passwords and other special and private information about transactions, such as usernames, credit IDs, accounts and passwords, and recording the sending of email or messages and reconstructing their contents. Some sniffers also have the ability to modify the computer's information, even to the extent of damaging the system, weakening the security of a network, or succeeding in gaining higher-level authority. With more and different hackers using packet sniffers every day, the packet sniffer has become one of the most important tools in the defence against cyber-attacks and cyber-crime. Written by Colasoft LLC (2001 – 2014)
In this globalized arena, with proliferating computer users as well as computer networks, associated risks such as malware attacks are also multiplying. As the proverb
A cyber crime called 'Bot Networks', wherein spammers and other perpetrators of cyber crimes remotely take control of computers without the users realizing it, is increasing at an alarming rate. Computers get linked to Bot Networks when users unknowingly download malicious code, such as a Trojan horse sent as an e-mail attachment. Such affected computers, known as zombies, can work together whenever the malicious code within them gets activated, and those behind the Bot Network attacks get the computing power of thousands of systems at their disposal.
To be able to understand cybercrime we need to know where it started. It all started with the birth of the Internet. In the late 1960s, one of the authors (HMD) was a graduate student at MIT. His research at MIT's Project MAC (now the Laboratory for Computer Science, the home of the World Wide Web Consortium) was funded by ARPA, the Advanced Research Projects Agency of the Department of Defense. Later on ARPA proceeded to implement the ARPANET, which even...
Malware is a threat to all computers and networks. Viruses, worms, Trojan horses, and bots are all types of malware that can infect and compromise computers. When this harmful software penetrates personal computers, businesses, and national security departments, serious damage can result. Confidential information can be leaked, intellectual property can be stolen, and financial loss can result. With the growing sophistication of malware, a new form of war is beginning to develop. Cyber war and cyber weapons have been developed and deployed by nations across the world. These weapons are extremely dangerous and make it difficult to discover who launched the attack. There are ways to protect oneself from malware, but no method is one hundred percent effective.
Cyber crime has become an important concern not only for business firms, government and law enforcement agencies but also for ordinary people, because these kinds of issues relate to consumers' day-to-day activity (Polivanyuk, 2005). Due to these types of crimes, consumers' money, children, business organizations' integrity, consumer and company privacy, etc. are in danger.
The Internet offers high-speed connectivity between countries, which allows criminals to commit cybercrimes from anywhere in the world. Due to the demand for the Internet to be fast, networks are designed for maximum speed rather than to be secure or to track users ("Interpol" par. 1). This lack of security enables hacker...