Toward Proactive Mitigation of Advanced Multi-tier Botnets

Please make note of the following free, on-line seminar. Information about how to join the session can be found on the web site of the Commonwealth Graduate Engineering Program at http://cgep.virginia.gov/gmu_webinar.php

Speaker

Brent ByungHoon Kang, Ph.D.

Topic

Toward Proactive Mitigation of Advanced Multi-tier Botnets

Date and Time

February 8, 2012 from 5 pm – 6 pm

Abstract

In this talk I will present our on-going efforts to mitigate advanced botnets. A botnet is a network of compromised machines, exploited to carry out malicious acts such as spam, phishing, denial of service attacks, and stealing sensitive data such as passwords and banking credentials. The detection and mitigation of these botnets have proven to be quite challenging. Malware authors, supported by a thriving underground economy, have demonstrated professional-quality sophistication in creating code highly adaptive to existing mitigation efforts.

We have explored a series of botnet mitigation approaches directed toward (i) creating new analysis and de-obfuscation methods to rapidly expose the botnets’ command and control protocols in a timely manner, (ii) in-depth analysis to explore the fundamental limits and weaknesses of the advanced botnet architecture, and (iii) designing an effective enumerator (or “mapping” of bot networks) to locate bot-infected hosts on the Internet.

Our research direction fundamentally differs from existing Intrusion Detection System (IDS) approaches. Unlike IDS, which is geared towards protecting local hosts within its perimeter, an enumerator will enable identification of both local and remote infections. Identifying remote infections is crucial, given that there are numerous computers on the Internet that are not under the protection of IDS-based systems. The resulting enumeration has been used for spam blocking, firewall configuration, DNS rewriting, and alerting sys-admins regarding local infections.
