Arquitetura de um sistema integrado de defesa cibernética para detecção de botnets
Resumo
Este trabalho tem por objetivo apresentar uma proposta de arquitetura para um sistema de defesa cibernética capaz de detecar bots e bloquear a comunicação entre os bots e as botnets. Também é proposto um algoritmo de detecção de bots baseado em grafos de relacionamento. Foram realizados experimentos por meio da análise de registros de consultas DNS com o objetivo de encontrar máquinas suspeitas de serem zumbis. Resultados preliminares mostram que os mecanismos empregados permitem filtrar os registros de DNS e identificar máquinas suspeitas de pertencerem a uma botnet.
Referências
Ceron, J. M., Granville, L. Z., and Tarouco, L. M. R. (2010). Uma arquitetura baseada em assinaturas para mitigação de botnets. In X Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), pages 105–118.
Coskun, B., Dietrich, S., and Memon, N. (2010). Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts. In Proc. of the 26th Annual Computer Security Applications Conference, ACSAC 10, New York. ACM.
Dagon, D., Gu, G., Lee, C. P., and Lee, W. (2007). A taxonomy of botnet structures. In Computer Security Applications Conf., 2007. ACSAC 2007. 23th Annual.
Gu, G., Perdisci, R., Zhang, J., and Lee, W. (2008). BotMiner: clustering analysis of network traffic for protocoland structure-independent botnet detection. In Proc. of the 17th Conf. on Security symposium, pages 139–154, Berkeley, CA, USA. USENIX.
Rajab, M. A., Zarfoss, J., Monrose, F., and Terzis, A. (2006). A multifaceted approach to understanding the botnet phenomenon. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, IMC ’06, page 41–52, New York. ACM.
Sanchez, F., Duan, Z., and Dong, Y. (2011). Blocking spam by separating end-user machines from legitimate mail server machines. In Proc. of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference, CEAS ’11, New York. ACM.
Snort (2006). Snort. http://www.snort.org.
Stone-Gross, B., Cova, M., Gilbert, B., Kemmerer, R., Kruegel, C., and Vigna, G. (2011). Analysis of a botnet takeover. Security Privacy, IEEE, 9(1):64–72.
Zeidanloo, H. R., Shooshtari, M. J., Amoli, P. V., Safari, M., and Zamani, M. (2010). A taxonomy of botnet detection techniques. In Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE Inter. Conf. on, volume 2, pages 158–162.
Zhang, J., Perdisci, R., Lee, W., Sarfraz, U., and Luo, X. (2011). Detecting stealthy P2P botnets using statistical traffic fingerprints. DNS 2011, pages 121–132, Los Alamitos, CA, USA. IEEE Computer Society.
Zhu, Z., Lu, G., Chen, Y., Fu, Z. J., Roberts, P., and Han, K. (2008). Botnet research survey. In Computer Software and Applications, 2008. COMPSAC ’08. 32nd Annual IEEE International, pages 967–972.
Coskun, B., Dietrich, S., and Memon, N. (2010). Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts. In Proc. of the 26th Annual Computer Security Applications Conference, ACSAC 10, New York. ACM.
Dagon, D., Gu, G., Lee, C. P., and Lee, W. (2007). A taxonomy of botnet structures. In Computer Security Applications Conf., 2007. ACSAC 2007. 23th Annual.
Gu, G., Perdisci, R., Zhang, J., and Lee, W. (2008). BotMiner: clustering analysis of network traffic for protocoland structure-independent botnet detection. In Proc. of the 17th Conf. on Security symposium, pages 139–154, Berkeley, CA, USA. USENIX.
Rajab, M. A., Zarfoss, J., Monrose, F., and Terzis, A. (2006). A multifaceted approach to understanding the botnet phenomenon. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, IMC ’06, page 41–52, New York. ACM.
Sanchez, F., Duan, Z., and Dong, Y. (2011). Blocking spam by separating end-user machines from legitimate mail server machines. In Proc. of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference, CEAS ’11, New York. ACM.
Snort (2006). Snort. http://www.snort.org.
Stone-Gross, B., Cova, M., Gilbert, B., Kemmerer, R., Kruegel, C., and Vigna, G. (2011). Analysis of a botnet takeover. Security Privacy, IEEE, 9(1):64–72.
Zeidanloo, H. R., Shooshtari, M. J., Amoli, P. V., Safari, M., and Zamani, M. (2010). A taxonomy of botnet detection techniques. In Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE Inter. Conf. on, volume 2, pages 158–162.
Zhang, J., Perdisci, R., Lee, W., Sarfraz, U., and Luo, X. (2011). Detecting stealthy P2P botnets using statistical traffic fingerprints. DNS 2011, pages 121–132, Los Alamitos, CA, USA. IEEE Computer Society.
Zhu, Z., Lu, G., Chen, Y., Fu, Z. J., Roberts, P., and Han, K. (2008). Botnet research survey. In Computer Software and Applications, 2008. COMPSAC ’08. 32nd Annual IEEE International, pages 967–972.
Publicado
19/11/2012
Como Citar
SILVA, Sérgio dos Santos Cardoso; SALLES, Ronaldo Moreira.
Arquitetura de um sistema integrado de defesa cibernética para detecção de botnets. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 12. , 2012, Curitiba.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2012
.
p. 303-309.
DOI: https://doi.org/10.5753/sbseg.2012.20554.
