2. OUTLINE
Introduction to Botnet
Botnet Life-cycle
Botnet in Network Security
Botnet Uses
Botnet Detection
Preventing Botnet Infection
Botnet Research
Conclusion
3. INTRODUCTION
A botnet is a network of compromised computers under the control of a remote attacker
The controller of a botnet is able to direct the activities of these compromised computers
Botnet Terminology
Bot Herder (Bot Master)
Bot
Bot Client
IRC Server
Command and Control Channel (C&C)
9. BOTNET IN NETWORK SECURITY
Internet users are getting infected by bots
Many times corporate and end users are trapped in botnet attacks
Today 16-25% of the computers connected to the internet are members of a botnet
In such a network the bots are spread across many locations
This makes it difficult to track illegal activities
This behaviour makes botnets an attractive tool for intruders and increases the threat to network security
11. HOW IS A BOTNET USED?
Distributed Denial of Service (DDoS) attacks
Sending spam
Phishing
Adware
Spyware
Click Fraud
12. BOTNET DETECTION
Two approaches to botnet detection:
Setting up honeynets
Passive traffic monitoring, of three kinds:
Signature based
Anomaly based
DNS based
13. BOTNET DETECTION: SETTING UP HONEYNETS
Windows Honeypot
Honeywall responsibilities:
DNS name/IP address of the IRC server and port number
(optional) password to connect to the IRC server
Nickname of the bot
Channel to join and (optional) channel password
14. BOTNET DETECTION: SETTING UP HONEYNETS
[Diagram: Bot, Sensor and Bot Master; steps 1. Malicious Traffic, 2. Inform bot's IP, 3. Authorize]
15. BOTNET DETECTION: TRAFFIC MONITORING
Signature based: Detection of known botnets
Anomaly based: Detect botnets using the following anomalies:
High network latency
High volume of traffic
Traffic on unusual ports
Unusual system behaviour
DNS based: Analysis of the DNS traffic generated by botnets
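An added illustration, not from the original slides, of the three traffic-monitoring approaches applied to constructed flow and DNS records; all hosts, ports, domain names and signature strings are hypothetical:

```python
from collections import defaultdict

# Constructed flow records (hypothetical hosts, C&C address, IRC-style payloads).
FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.9", "dport": 6667, "bytes": 1200, "payload": "NICK evilbot-8821"},
    {"src": "10.0.0.6", "dst": "203.0.113.9", "dport": 6667, "bytes": 900, "payload": "NICK evilbot-1023"},
    {"src": "10.0.0.7", "dst": "203.0.113.9", "dport": 6667, "bytes": 1100, "payload": "JOIN #cmd"},
    {"src": "10.0.0.5", "dst": "198.51.100.2", "dport": 31337, "bytes": 500, "payload": ""},
    {"src": "10.0.0.8", "dst": "192.0.2.10", "dport": 443, "bytes": 6_000_000, "payload": ""},
    {"src": "10.0.0.9", "dst": "192.0.2.44", "dport": 80, "bytes": 3000, "payload": ""},
]
# Constructed DNS query log as (querying host, name) pairs.
DNS_LOG = [
    ("10.0.0.5", "cc-placeholder.example"),
    ("10.0.0.6", "cc-placeholder.example"),
    ("10.0.0.7", "cc-placeholder.example"),
    ("10.0.0.8", "www.example.org"),
]

# Signature based: payload strings attributed to a known bot family (constructed here).
SIGNATURES = ["NICK evilbot-", "JOIN #cmd"]
# Anomaly based: ports outside the site's usual profile, and a per-flow byte threshold.
USUAL_PORTS = {25, 53, 80, 443}
VOLUME_THRESHOLD = 5_000_000
# DNS based: one name resolved by many internal hosts suggests a shared rendezvous point.
MIN_HOSTS_PER_NAME = 3

# Hosts whose payload matched a known-botnet signature.
def signature_hits(flows):
    return sorted({f["src"] for f in flows if any(s in f["payload"] for s in SIGNATURES)})

# Host -> list of anomaly reasons (unusual port, high volume).
def anomaly_hits(flows):
    hits = {}
    for f in flows:
        reasons = []
        if f["dport"] not in USUAL_PORTS:
            reasons.append(f"unusual port {f['dport']}")
        if f["bytes"] > VOLUME_THRESHOLD:
            reasons.append("high volume")
        if reasons:
            hits.setdefault(f["src"], []).extend(reasons)
    return hits

# Names queried by at least MIN_HOSTS_PER_NAME distinct hosts -> sorted list of those hosts.
def dns_hits(dns_log):
    hosts_per_name = defaultdict(set)
    for host, name in dns_log:
        hosts_per_name[name].add(host)
    return {n: sorted(h) for n, h in hosts_per_name.items() if len(h) >= MIN_HOSTS_PER_NAME}
```

Each detector flags a different subset of the constructed hosts, which is why the slide lists all three rather than relying on one.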
16. BOTNET DETECTION
Determining the source of a botnet-based attack is challenging:
Traditional approach:
Every zombie host is an attacker
Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack
New trend:
P2P networks
17. PREVENTING BOTNET INFECTIONS
Use a Firewall
Use Antivirus (AV) software
Deploy an Intrusion Prevention System (IPS)
Define a security policy and share it with your users systematically
18. CONCLUSION
Botnets pose a significant and growing threat to cyber security
They provide a key platform for many cyber crimes (DDoS)
As network security has become an integral part of our life and botnets have become the most serious threat to it, it is very important to detect botnet attacks and find solutions for them