Identifying and Countering the Command and Control Channel in Social-Network-Based Botnets

Authors

1 Payame Noor University, Asaluyeh Center / Imam Hossein University

2 Payame Noor University, Central

Abstract

A botnet is a collection of bots, each running separately on an infected system and responding to the commands sent by the command and control unit. Today, botnets have become a major challenge in cyberspace. New variants of this malware family abuse popular social networks, using them as the command and control channel. In this approach, conventional protection systems such as IDSs are unable to detect and counter botnets, because the network traffic generated by the bots resembles the traffic of the system's own user. This paper presents a new method for detecting, tracking and countering social-network-based botnets. In this method, botnet detection is based on monitoring system resources. After tracking the botnet, the proposed method proceeds to counter it; this countermeasure consists of preventing the bot from connecting to the command and control server. The proposed method can detect the presence of botnets with nearly 96 percent accuracy and, with 100 percent success, rid the system of the detected botnets.

Keywords


Article Title [English]

Identifying and countering the control and command channel in botnets based on social networks
