Monitoring the Flow Characteristics of Botnets by Means of a Network Traffic Analysis System

Article type: Research article

Authors

1 Academic Center for Education, Culture and Research (ACECR), Gilan Branch, Bandar Anzali

2 Islamic Azad University, Science and Research Branch

3 University of Mohaghegh Ardabili

Abstract

A botnet is one of the important but less well known dangers on the Internet. Botnets are networks of compromised computers under an attacker's control that are directed, through a command-and-control channel, toward attacks of high destructive power and wide scope. Botnets are often exploited for major malicious actions such as distributed denial-of-service attacks. Countering this kind of attack requires a close study of the structure, characteristics and traffic behavior of botnets; identifying the main characteristics of botnets and monitoring botnet flows will therefore be effective in creating and developing technologies that confront this important security threat. In this paper, botnets, their life cycle, and the topologies and protocols they use are examined, and by implementing a botnet-infected network and presenting a network flow analysis system, the behaviors and characteristics of botnet traffic are documented. With this system in place, the flow characteristics and botnet behavior are displayed clearly. Observing these characteristics will be useful for proposing solutions that detect and counter botnet-based attacks.

Keywords


Title [English]

Monitoring the Flow Characteristics of Botnet with a Network Traffic Analysis System

Abstract [English]

A botnet is one of the important but little-known dangers on the Internet. Botnets are networks of compromised computers that are controlled through a command-and-control channel and directed toward large-scale destructive attacks. Botnets are often used for malicious activities such as distributed denial-of-service attacks. Dealing with this type of attack requires studying the structure, properties and traffic behavior of botnets. Therefore, identifying the main characteristics of botnets and monitoring botnet flows will be effective in creating and developing technologies to counter this security risk. In this work, botnets, their life cycle, and the topologies and protocols they use are reviewed, and the behaviors and characteristics of botnet traffic are documented by implementing a botnet-infected network and providing a network flow analysis system. Observing these features will help in devising solutions to detect and counter botnet-based attacks.
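The abstract does not say which flow features the authors' analysis system extracts, so the following Python script is an added example and not the paper's own code. It shows the kind of flow-level monitoring the abstract describes: packet records are aggregated into unidirectional 5-tuple flows (NetFlow-style), per-flow features are computed (packet count, byte count, duration, inter-arrival regularity, packet-size regularity), and flows with a near-constant interval and size are flagged as candidate command-and-control beacons. The packet records, the `is_beacon_like` heuristic and its thresholds are assumptions constructed for illustration, not measurements from the paper.

```python
"""Flow aggregation and beacon-regularity features for botnet traffic monitoring.

Added example (not the paper's own system). Packet records are constructed
sample data, not a real capture; thresholds are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float      # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int    # bytes on the wire


def flow_key(pkt):
    """Unidirectional 5-tuple, the same key NetFlow/IPFIX exporters use."""
    return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)


def aggregate_flows(packets):
    """Group packets into flows, keeping each flow's packets in time order."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    return flows


def _cv(values):
    """Coefficient of variation; ~0 means the values are nearly constant."""
    if len(values) < 2:
        return None
    m = mean(values)
    return pstdev(values) / m if m > 0 else None


def flow_features(pkts):
    """Per-flow features a flow-analysis system would record for later inspection."""
    ts = [p.ts for p in pkts]
    sizes = [p.length for p in pkts]
    gaps = [b - a for a, b in zip(ts, ts[1:])]   # inter-arrival times
    return {
        "packets": len(pkts),
        "bytes": sum(sizes),
        "duration": ts[-1] - ts[0],
        "mean_gap": mean(gaps) if gaps else 0.0,
        "gap_cv": _cv(gaps),      # regularity of the beacon interval
        "size_cv": _cv(sizes),    # regularity of the packet size
    }


def is_beacon_like(feat, min_packets=5, max_gap_cv=0.1, max_size_cv=0.1):
    """Assumed heuristic: enough packets, near-constant interval, near-constant size.

    Thresholds are illustrative; a deployed system would tune them against
    baseline traffic and combine this signal with others (destination
    reputation, port, payload entropy) to limit false positives from
    legitimate periodic traffic such as NTP or software update checks.
    """
    return (feat["packets"] >= min_packets
            and feat["gap_cv"] is not None and feat["gap_cv"] <= max_gap_cv
            and feat["size_cv"] is not None and feat["size_cv"] <= max_size_cv)


def find_beacon_flows(packets):
    """Return {flow_key: features} for every flow the heuristic flags."""
    hits = {}
    for key, pkts in aggregate_flows(packets).items():
        feat = flow_features(pkts)
        if is_beacon_like(feat):
            hits[key] = feat
    return hits


# Constructed sample traffic (not a capture): a bot checking in with its C&C
# server every 60 s with identical 64-byte packets, plus an ordinary HTTPS
# session with irregular timing and sizes.
BEACON = [Packet(60.0 * i, "10.0.0.5", 40211, "203.0.113.7", 6667, "tcp", 64)
          for i in range(6)]
BROWSING = [Packet(t, "10.0.0.8", 51000, "198.51.100.20", 443, "tcp", n)
            for t, n in zip([0.0, 0.3, 0.4, 2.1, 9.8, 10.0],
                            [517, 1460, 120, 1460, 66, 980])]
SAMPLE_PACKETS = BEACON + BROWSING


if __name__ == "__main__":
    for key, feat in find_beacon_flows(SAMPLE_PACKETS).items():
        print("beacon-like flow:", key, feat)
```

Run as a script it prints the single flagged flow (the 10.0.0.5 to 203.0.113.7:6667 beacon); the browsing flow has the same packet count but an inter-arrival coefficient of variation well above the threshold, so it is not reported. Swapping the constructed list for records parsed from a NetFlow/pcap export is the only change needed to run this over real traffic.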

Keywords [English]

  • Botnet
  • Flow
  • Attack
  • Command-And-Control