ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-02082010-153320


Thesis type
PhD thesis
Author
LA PORTA, ISIDORO SILVIO
Email address
ing.laporta.silvio@gmail.com
URN
etd-02082010-153320
Title
A system to combat Botnet illegal activities.
Scientific disciplinary sector
ING-INF/05
Course of study
INFORMATION ENGINEERING
Supervisors
tutor Dini, Gianluca
Keywords
  • filtering
  • Botnet
  • security
Defense session start date
03/06/2010
Availability
Not available for consultation
Release date
03/06/2050
Abstract
Botnets are becoming one of the most serious threats to Internet security. A botnet is a network of compromised machines, called bots, under the control of a human operator, called the botmaster.
The botmaster uses the botnet to launch attacks such as distributed denial-of-service (DDoS) attacks, and to perform fraudulent activities such as spamming and phishing.
A botmaster uses a Command and Control (C&C) network to send commands to bots and to coordinate attacks and fraudulent actions.
In this thesis we propose two tools, BLOBOT (BLOcking BOTs) and Bloumail (Blocking Unwanted Mail), designed to block the activities of botnets.
BLOBOT strives to detect the presence of a botnet by detecting its C&C network. BLOBOT detects both IRC-based and HTTP-based C&C networks and can be easily extended to support other kinds of protocols as needed.
Botnets are also effective tools for spamming because they allow large-scale, mostly undetected attacks. By compromising a large number of bots, spammers can transmit thousands of spam emails in a short period of time. Furthermore, it is difficult to detect and blacklist bots because each bot sends only a few spam emails in a short period of time. To this end we created Bloumail, a tool for detecting and blocking bot-generated spam directly at the originator side. In this way we operate on a single user's traffic, handling a reduced amount of very specific traffic, and are thus able to detect spam in real time.
For both tools we have performed usability and functional tests that have proved both their effectiveness in detecting and stopping botnets and their simplicity and practicality of use.
File