Architecture of an integrated cyber defense system for botnet detection
Abstract
This work proposes a novel architecture for the design of a cyber defense system able to detect bots and block communication between bots and their botnets. A graph-based algorithm for detecting bots is also proposed. The architecture was tested using the DNS logs of an academic institute. Experiments were carried out by analyzing records of DNS queries in order to find machines suspected of being zombies. Preliminary results show that the mechanisms employed can filter DNS records and identify machines suspected of belonging to a botnet.
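The abstract does not describe the graph algorithm itself. The following is an added example, not the paper's code, of one common way to turn DNS query records into a graph for bot triage: hosts are linked when they share queries to rare domains (a mutual-contact graph), and connected groups of such hosts are reported as suspects. The log format (a simplified BIND-style query log), the sample records, the popularity cutoff and the sharing threshold are all assumptions chosen for illustration.

```python
"""Graph-based triage of DNS query logs for suspected bot hosts.

Illustrative example, NOT the paper's algorithm. Assumptions:
- each log line resembles BIND's query log:
  "client 10.0.0.5#53411: query: c2-a.test IN A"
- domains queried by more than max_popularity distinct hosts are treated
  as popular and ignored (a crude stand-in for a whitelist)
- two hosts are linked when they share at least min_shared rare domains
"""
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample log (not real data). Hosts .5, .6 and .7 all query the
# same two obscure names; .8 and .9 only query ordinary ones.
SAMPLE_LOG = """\
client 10.0.0.5#53411: query: www.example.com IN A
client 10.0.0.5#53411: query: c2-a.test IN A
client 10.0.0.5#53412: query: c2-b.test IN A
client 10.0.0.6#40001: query: www.example.com IN A
client 10.0.0.6#40002: query: c2-a.test IN A
client 10.0.0.6#40003: query: c2-b.test IN A
client 10.0.0.7#40010: query: c2-a.test IN A
client 10.0.0.7#40011: query: c2-b.test IN A
client 10.0.0.7#40012: query: update.example.org IN A
client 10.0.0.8#51000: query: www.example.com IN A
client 10.0.0.8#51001: query: update.example.org IN A
client 10.0.0.9#51002: query: www.example.com IN A
client 10.0.0.9#51003: query: mail.example.com IN MX
"""

# Assumed line layout; search() tolerates a timestamp or other prefix.
LINE_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")


def parse_log(text):
    """Return {host_ip: set(queried_domains)} from the query log."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hosts[m.group("ip")].add(m.group("name").lower().rstrip("."))
    return hosts


def rare_domains(hosts, max_popularity):
    """Domains queried by at most max_popularity distinct hosts."""
    seen_by = defaultdict(int)
    for domains in hosts.values():
        for d in domains:
            seen_by[d] += 1
    return {d for d, n in seen_by.items() if n <= max_popularity}


def mutual_contact_graph(hosts, rare, min_shared):
    """Undirected graph: edge between hosts sharing >= min_shared rare domains."""
    adj = defaultdict(set)
    for a, b in combinations(sorted(hosts), 2):
        shared = hosts[a] & hosts[b] & rare
        if len(shared) >= min_shared:
            adj[a].add(b)
            adj[b].add(a)
    return adj


def suspected_hosts(text, max_popularity=3, min_shared=2):
    """Connected components (size >= 2) of the mutual-contact graph."""
    hosts = parse_log(text)
    rare = rare_domains(hosts, max_popularity)
    adj = mutual_contact_graph(hosts, rare, min_shared)
    visited, clusters = set(), []
    for start in sorted(adj):
        if start in visited:
            continue
        comp, stack = set(), [start]
        while stack:
            h = stack.pop()
            if h in comp:
                continue
            comp.add(h)
            stack.extend(adj[h] - comp)
        visited |= comp
        if len(comp) >= 2:
            clusters.append(sorted(comp))
    return clusters


if __name__ == "__main__":
    for cluster in suspected_hosts(SAMPLE_LOG):
        print("suspected bot cluster:", ", ".join(cluster))
```

On the constructed log this reports the cluster 10.0.0.5, 10.0.0.6, 10.0.0.7, while 10.0.0.7 and 10.0.0.8 are not linked because they share only one rare name. In a real deployment the popularity cutoff should be expressed relative to the number of monitored hosts and combined with an explicit whitelist of internal and well-known domains, since legitimate departmental servers queried by a handful of machines otherwise produce the same pattern as a command-and-control rendezvous.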