Analysis of Web-based Bot Malware Infection
ANALYSIS OF WEB-BASED BOT MALWARE INFECTION
Louena L. Manluctao
East Early College High School, Houston Independent School District
Dr. Guofei Gu
Assistant Professor, Department of Computer Science & Engineering
Director, SUCCESS LAB
Texas A&M University
DR. GUOFEI GU
EDUCATION
• Ph.D. in Computer Science, Georgia Institute of Technology
• M.S. in Computer Science, Fudan University
RESEARCH INTERESTS
• Network and system security, such as Internet malware detection, defense, and analysis
• Intrusion detection, anomaly detection
• Network security
• Web and social networking security
SUCCESS LAB
Success Lab Students
PhD
Seungwon Shin
Chao Yang
Zhaoyan Xu
Jialong Zhang
MS
Robert Harkreader
Shardul Vikram
Vijayasenthil VC
Lingfeng Chen
Alumni
Yimin Song (MS, first employment: Juniper Networks)
SEUNGWON SHIN
Network & Web Security
Botnet Analysis: Conficker
Seungwon Shin and Guofei Gu. "Conficker and Beyond: A Large-Scale Empirical Study." To appear in Proceedings of the 2010 Annual Computer Security Applications Conference (ACSAC'10), Austin, Texas, December 2010.
Seungwon Shin, Raymond Lin, Guofei Gu. "Cross-Analysis of Botnet Victims: New Insights and Implications." To appear in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011.
CHAO YANG
Wireless Security
Rogue Access Point Detection
Yimin Song, Chao Yang, Guofei Gu. "Who Is Peeping at Your Passwords at Starbucks? -- To Catch an Evil Twin Access Point." In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'10), Chicago, IL, June 2010.
CHAO YANG
Social Networking Website Security
Twitter Spammer Accounts Detection
Chao Yang, Robert Harkreader, Guofei Gu. "Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers." To appear in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011.
ZHAOYAN XU
Malware Analysis
Analysis of binary code and source code
• Dynamic analysis
• Static analysis
• Reverse engineering
• Protocol semantics
JIALONG ZHANG
Intrusion Detection Systems
Enterprise Network Security
Computer terms to assist us
APPLIED CRYPTOGRAPHY
The art of secret writing.
Converts data into an unintelligible (random-looking) form.
Must be reversible (the original data can be recovered without loss or modification).
ENCRYPTION/DECRYPTION
Plaintext: a message in its original form.
Ciphertext: a message in its transformed, unrecognizable form.
Encryption: the process that transforms a plaintext into a ciphertext.
Decryption: the process that transforms a ciphertext back into the corresponding plaintext.
Key: the value used to control encryption and decryption.
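The terms defined above (plaintext, ciphertext, key, encryption, decryption, reversibility) as an added worked example in Python; this is illustration code written for this page, not code from the original presentation or from SUCCESS Lab. The cipher is a toy stream cipher (SHA-256 over key||counter used as a keystream), chosen so the example runs with the standard library only; the key and messages are constructed samples. It also shows the caveat a practitioner would add to "must be reversible": reversibility alone is not security, since reusing the key with this construction leaks the XOR of two plaintexts.

```python
"""Plaintext, ciphertext, key, encryption and decryption demonstrated with a small
keyed stream cipher. Added example, not code from the original presentation; the
cipher (SHA-256 over key||counter as a keystream) is a toy built to illustrate the
terms, not something to deploy."""
import hashlib


def keystream(key: bytes, length: int) -> bytes:
    """Expand the key into `length` pseudo-random bytes: SHA-256(key || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Plaintext -> ciphertext: XOR with the key-controlled keystream. Output looks random."""
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Ciphertext -> plaintext. XOR is its own inverse, so the same keystream reverses
    the transformation without loss or modification, provided the same key is used."""
    return xor_bytes(ciphertext, keystream(key, len(ciphertext)))


def key_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Caveat: reversibility is not the same as security. Encrypting two messages under
    the same key with this construction (no nonce) lets an eavesdropper XOR the two
    ciphertexts and recover p1 XOR p2 without ever learning the key."""
    return xor_bytes(encrypt(key, p1), encrypt(key, p2))


if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample key
    plaintext = b"bots, report to C&C"   # constructed sample message
    ciphertext = encrypt(key, plaintext)
    print("ciphertext:", ciphertext.hex())
    print("decrypted :", decrypt(key, ciphertext))
    print("wrong key :", decrypt(b"other-key", ciphertext))
    leak = key_reuse_leak(key, b"attack host A", b"attack host B")
    print("p1 XOR p2 :", leak == xor_bytes(b"attack host A", b"attack host B"))
```

Run it and the ciphertext hex looks random while `decrypt` with the right key returns the message byte for byte; with a different key it returns garbage rather than an error, which is why real systems pair encryption with an integrity check.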
PROBABILITY AND STATISTICS
RELEVANCE OF THE RESEARCH
To solve practical security problems:
• Internet malware detection, defense, and analysis
• Intrusion detection, anomaly detection
• Network security
• Web and social networking security
To help protect society and the country from threats to national security.
RESEARCH ACTIVITY
PURPOSE OF BOTNET TAXONOMY
Help researchers identify the types of responses that are most effective against botnets.
Design goals:
• assist defenders in identifying possible types of botnets
• describe the key properties of botnet classes
KEY METRICS FOR BOTNET STRUCTURES
BOTNET EFFECTIVENESS
• Estimate of overall utility: the largest number of bots that can receive instructions and participate in an attack (the size of the giant connected component, S).
• Average amount of bandwidth that a bot can contribute, denoted by B.
BOTNET EFFICIENCY
• Network diameter is one means of expressing this efficiency.
• This is measured as the average geodesic (shortest-path) length of the network.
BOTNET ROBUSTNESS
• Clustering coefficient measures the average degree of local transitivity.
• This transitivity measure generally captures the robustness of a botnet.
BOTNET NETWORK MODELS
ERDŐS-RÉNYI RANDOM GRAPH MODELS
• Random graphs are created to avoid creating predictable flows.
• In a random graph, each node is connected with equal probability to each of the other N-1 nodes.
• The chance that a bot has a degree of k follows the binomial distribution:
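The three structural metrics from the slides above (effectiveness as S times B, efficiency as average geodesic length, robustness as clustering coefficient) and the Erdős-Rényi random graph model, as one added worked example in Python. This is illustration code written for this page, not code from SUCCESS Lab or from the taxonomy the slides summarize. The graphs are constructed (a star for a centralized command-and-control layout, a seeded G(n, p) random graph), and the degree probability P(k) = C(N-1, k) p^k (1-p)^(N-1-k) is the standard binomial result for that model, supplied here because the slide's formula did not survive extraction.

```python
"""Botnet structure metrics from the taxonomy slides, computed on small constructed
graphs. Added example; not code from the original presentation."""
import math
import random
from collections import deque
from itertools import combinations


def add_edge(g, u, v):
    """Undirected edge in an adjacency dict: node -> set of neighbours."""
    g.setdefault(u, set()).add(v)
    g.setdefault(v, set()).add(u)


def bfs_distances(g, src):
    """Hop counts from src to every bot reachable from it."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for w in g[u]:
            if w not in dist:
                dist[w] = dist[u] + 1
                queue.append(w)
    return dist


def giant_component_size(g):
    """S: the largest number of bots that can all receive the same instructions."""
    return max((len(bfs_distances(g, u)) for u in g), default=0)


def effectiveness(g, bandwidth_per_bot):
    """Overall utility S * B: giant component size times the bandwidth B each bot contributes."""
    return giant_component_size(g) * bandwidth_per_bot


def average_geodesic_length(g):
    """Efficiency: mean shortest-path length over all reachable (ordered) pairs of bots."""
    total = pairs = 0
    for u in g:
        for w, d in bfs_distances(g, u).items():
            if w != u:
                total += d
                pairs += 1
    return total / pairs if pairs else 0.0


def clustering_coefficient(g):
    """Robustness: average local transitivity, i.e. for each bot the fraction of its
    neighbour pairs that are directly linked (0 for bots with fewer than 2 neighbours)."""
    coeffs = []
    for u, nbrs in g.items():
        k = len(nbrs)
        if k < 2:
            coeffs.append(0.0)
            continue
        linked = sum(1 for a, b in combinations(nbrs, 2) if b in g[a])
        coeffs.append(linked / (k * (k - 1) / 2))
    return sum(coeffs) / len(coeffs) if coeffs else 0.0


def erdos_renyi(n, p, seed=0):
    """G(n, p): each of the n(n-1)/2 possible edges is present independently with
    probability p, so every bot links to each of the other n-1 with equal probability."""
    rng = random.Random(seed)
    g = {i: set() for i in range(n)}
    for u, v in combinations(range(n), 2):
        if rng.random() < p:
            add_edge(g, u, v)
    return g


def binomial_degree_probability(n, p, k):
    """P(degree = k) in G(n, p): C(n-1, k) p^k (1-p)^(n-1-k).
    Standard result for the model; the slide's own formula was lost in extraction."""
    return math.comb(n - 1, k) * p ** k * (1 - p) ** (n - 1 - k)


def degree_histogram(g):
    """Observed degree counts, to compare against the binomial prediction."""
    hist = {}
    for nbrs in g.values():
        hist[len(nbrs)] = hist.get(len(nbrs), 0) + 1
    return hist


def star(n_leaves):
    """Constructed centralized C&C topology: one server, n_leaves bots attached only to it."""
    g = {}
    for leaf in range(1, n_leaves + 1):
        add_edge(g, 0, leaf)
    return g


def summarize(g, bandwidth_per_bot=1.0):
    return {"nodes": len(g), "effectiveness": effectiveness(g, bandwidth_per_bot),
            "avg_geodesic": average_geodesic_length(g),
            "clustering": clustering_coefficient(g)}


if __name__ == "__main__":
    # Centralized C&C: short paths, but zero transitivity (lose the hub, lose everything).
    print("star       ", summarize(star(20)))
    # Random P2P-style graph: longer paths, but links survive the loss of any single bot.
    n, p = 20, 0.25
    g = erdos_renyi(n, p, seed=7)
    print("erdos-renyi", summarize(g))
    print("degree k: observed count vs binomial expectation n*P(k)")
    hist = degree_histogram(g)
    for k in sorted(hist):
        print(f"  {k:2d}: {hist[k]:2d} vs {n * binomial_degree_probability(n, p, k):5.2f}")
```

The star has the shortest paths and the highest effectiveness per edge but a clustering coefficient of zero, which is exactly the fragility the robustness metric is meant to expose; the random graph trades path length for redundancy, and its degree histogram tracks the binomial prediction once n is large enough.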
Acknowledgements
Texas A&M University
Dr. Guofei Gu
National Science Foundation
Nuclear Power Institute
Chevron
Texas Workforce Commission
Wilber Rivas, Math Teacher, Del Rio High School
Chao Yang, PhD Student
Jialong Zhang, PhD Student