ETD system

Electronic theses and dissertations repository

 

Thesis etd-02082010-153320


Thesis type
PhD thesis
Author
LA PORTA, ISIDORO SILVIO
email address
ing.laporta.silvio@gmail.com
URN
etd-02082010-153320
Title
A system to combat Botnet illegal activities.
Scientific-disciplinary sector
ING-INF/05
Course of study
INFORMATION ENGINEERING
Committee
tutor Dini, Gianluca
Keywords
  • filtering
  • Botnet
  • security
Exam session start date
03/06/2010
Availability
partial
Release date
03/06/2050
Abstract
Botnets are becoming one of the most serious threats to Internet security. A botnet is a network of compromised machines, called bots, under the control of a human operator, called the botmaster. The botmaster uses the botnet to launch attacks such as distributed denial-of-service (DDoS) attacks, and to perform fraudulent activities such as spamming and phishing. A botmaster uses a Command and Control (C&C) network to send commands to bots and coordinate attacks and fraudulent actions.

In this thesis we propose two tools, BLOBOT (BLOcking BOTs) and Bloumail (Blocking Unwanted Mail), designed to block the activities of botnets. BLOBOT strives to detect the presence of a botnet by detecting its C&C network. BLOBOT detects both IRC-based and HTTP-based C&C networks and can be easily extended to support other kinds of protocols as needed.

Botnets are also effective tools for spamming because they allow large-scale, mostly undetected attacks. By compromising a large number of bots, spammers can transmit thousands of spam emails in a short period of time. Furthermore, it is difficult to detect and blacklist bots because each bot sends only a few spam emails in a short period of time. To this end we create Bloumail, a tool for detecting and blocking bot-generated spam directly at the originator side. In this way we can operate on a single user's traffic, handling a reduced amount of very specific traffic and thus becoming able to detect spam in real time.

For both tools we have performed usability and functional tests that have proved both their effectiveness in detecting and stopping botnets and their simplicity and practicality of use.
File