ETD system

Electronic theses and dissertations repository

 

Thesis etd-02082010-153320


Thesis type
PhD thesis
Author
LA PORTA, ISIDORO SILVIO
email address
ing.laporta.silvio@gmail.com
URN
etd-02082010-153320
Title
A system to combat Botnet illegal activities.
Scientific-disciplinary sector
ING-INF/05
Degree programme
INFORMATION ENGINEERING
Supervisors
tutor Dini, Gianluca
Keywords
  • filtering
  • Botnet
  • security
Exam session start date
03/06/2010
Availability
Partial
Release date
03/06/2050
Abstract
Botnets are becoming one of the most serious threats to Internet security. A botnet is a network of compromised machines, called bots, under the control of a human operator, called the botmaster.
The botmaster uses the botnet to launch attacks such as distributed denial-of-service (DDoS) attacks and to perform fraudulent activities such as spamming and phishing.
A botmaster uses a Command and Control (C&C) network to send commands to bots and coordinate attacks and fraudulent actions.
In this thesis we propose two tools, BLOBOT (BLOcking BOTs) and Bloumail (Blocking Unwanted Mail), designed to block the activities of botnets.
BLOBOT strives to detect the presence of a botnet by detecting its C&C network. BLOBOT detects both IRC-based and HTTP-based C&C networks and can be easily extended to support other kinds of protocols as needed.
Botnets are also effective tools for spamming because they allow large-scale, mostly undetected attacks. By compromising a large number of bots, spammers can transmit thousands of spam emails in a short period of time. Furthermore, it is difficult to detect and blacklist bots because each bot sends only a few spam emails in a short period of time. For this purpose we create Bloumail, a tool for detecting and blocking bot-generated spam directly at the originator side. In doing so, we can operate on a single user's traffic, thus handling a reduced amount of very specific traffic and becoming able to detect spam in real time.
For both tools we have performed usability and functional tests that have proved both their effectiveness in detecting and stopping botnets and their simplicity and practicality of use.
File