Thesis etd-02082010-153320 |
Thesis type
PhD thesis
Author
LA PORTA, ISIDORO SILVIO
email address
ing.laporta.silvio@gmail.com
URN
etd-02082010-153320
Thesis title
A system to combat Botnet illegal activities.
Academic discipline
ING-INF/05
Course of study
INGEGNERIA DELL'INFORMAZIONE
Supervisors
tutor Dini, Gianluca
Keywords
- Botnet
- filtering
- security
Graduation session start date
03/06/2010
Availability
Withheld
Release date
03/06/2050
Summary
Botnets are becoming one of the most serious threats to Internet security. A botnet is a network of compromised machines, called bots, under the control of a human operator, called the botmaster.
The botmaster uses the botnet to launch attacks such as distributed denial-of-service (DDoS) attacks and to perform fraudulent activities such as spamming and phishing.
A botmaster uses a Command and Control (C&C) network to send commands to bots and coordinate attacks and fraudulent actions.
In this thesis we propose two tools, BLOBOT (BLOcking BOTs) and Bloumail (Blocking Unwanted Mail), designed to block the activities of botnets.
BLOBOT strives to detect the presence of a botnet by detecting its C&C network. BLOBOT detects both IRC-based and HTTP-based C&C networks and can be easily extended to support other kinds of protocols as needed.
Botnets are also effective tools for spamming because they allow large-scale, mostly undetected attacks. By compromising a large number of bots, spammers can transmit thousands of spam emails in a short period of time. Furthermore, it is difficult to detect and blacklist bots because each bot sends only a few spam emails in a short period of time. For this purpose we created Bloumail, a tool for detecting and blocking bot-generated spam directly at the originator side. In this way we operate on a single user's traffic, handling a reduced amount of very specific traffic, which makes it possible to detect spam in real time.
For both tools we have performed usability and functional tests that have proved both their effectiveness in detecting and stopping botnets and their simplicity and practicality of use.
File
File name | Size |
---|---|
The thesis is not available. |