31-10-2012, 02:27 PM
An Advanced Hybrid Peer-to-Peer Botnet
INTRODUCTION
In the last several years, Internet malware attacks have evolved into better-organized and more profit-centered endeavors. E-mail spam, extortion through denial-of-service attacks, and click fraud represent a few examples of this emerging trend. “Botnets” are a root cause of these problems. A “botnet” consists of a network of compromised computers (“bots”) connected to the Internet that is controlled by a remote attacker (“botmaster”). Since a botmaster could scatter attack tasks over hundreds or even tens of thousands of computers distributed across the Internet, the enormous cumulative bandwidth and large number of attack sources make botnet-based attacks extremely dangerous and hard to defend against.
Compared to other Internet malware, the unique feature of a botnet lies in its control communication network. Most botnets that have appeared until now have had a common centralized architecture. That is, bots in the botnet connect directly to some special hosts (called “command-and-control” servers, or “C&C” servers). These C&C servers receive commands from their botmaster and forward them to the other bots in the network. From now on, we will call a botnet with such control communication architecture a “C&C botnet.” Fig. 1 shows the basic control communication architecture for a typical C&C botnet (in reality, a C&C botnet usually has more than two C&C servers). Arrows represent the directions of network connections.
Scope of the Project
The main aim of this project is to design an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to shut down, monitor, and hijack.
Literature Survey
Botnet
A botnet is a large number of compromised computers that are used to create and send spam or viruses, or to flood a network with messages as a denial-of-service attack.
Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access.
Honeypot
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.
Peer-to-Peer Network:
Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes.
Peers make a portion of their resources, such as processing power, disk storage or network bandwidth, directly available to other network participants, without the need for central coordination by servers or stable hosts. Peers are both suppliers and consumers of resources, in contrast to the traditional client–server model where only servers supply, and clients consume.
User Interface Design:
In this module we design the windows for the project. These windows are used to send a message from one peer to another. We use the Swing package available in Java to design the User Interface. Swing is a widget toolkit for Java. It is part of Sun Microsystems' Java Foundation Classes (JFC) — an API for providing a graphical user interface (GUI) for Java programs.
Bot Master Node Implementation:
In this module we implement the server node. This node may send instructions to any other node. A botmaster can monitor the other nodes and maintains details about each bot. A botmaster issues a special command, called a report command, to the botnet, thereby instructing every bot to send its information to a specified machine that is compromised and controlled by the botmaster. This data collection machine is called a sensor.
Servent Bot Implementation:
In this module we implement the servent bot. The servent bot group contains bots that have static, non-private IP addresses and are accessible from the global Internet. Bots in this first group are called servent bots since they behave as both clients and servers. Only servent bots are candidates in peer lists.
Conclusion:
To be well prepared for future botnet attacks, we should study advanced botnet attack techniques that could be developed by botmasters in the near future. In this project, we present the design of an advanced hybrid P2P botnet. Compared with current botnets, the proposed one is harder to monitor and much harder to shut down. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each captured bot, and easy monitoring and recovery by its botmaster. To defend against such an advanced botnet, we point out that honeypots may play an important role. We should, therefore, invest more research into determining how to deploy honeypots efficiently and avoid their exposure to botnets and botmasters.
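From the defender's side, two behaviours described above leave traces in network flow data: servent bots act as both clients and servers, and a report command makes many bots contact one sensor at about the same time. The following is an added detection sketch, not part of the original post or the project; the flow tuple layout, the thresholds and the addresses (documentation ranges) are assumptions, and both heuristics also match benign P2P or update traffic, so hits are triage leads only.

```python
from collections import defaultdict

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
FLOWS = [
    (1000, "198.51.100.7", "203.0.113.10", 4000),
    (1005, "198.51.100.8", "203.0.113.10", 4000),
    (1010, "198.51.100.9", "203.0.113.10", 4000),
    (1020, "203.0.113.10", "198.51.100.7", 4100),
    (1025, "203.0.113.10", "198.51.100.8", 4200),
    (1030, "203.0.113.10", "198.51.100.9", 4300),
    (2000, "10.0.0.11", "192.0.2.50", 8443),
    (2004, "10.0.0.12", "192.0.2.50", 8443),
    (2009, "10.0.0.13", "192.0.2.50", 8443),
    (2012, "10.0.0.14", "192.0.2.50", 8443),
    (9000, "10.0.0.11", "192.0.2.80", 443),
]

def servent_like(flows, min_peers=3):
    """Hosts that accept from and connect out to at least min_peers distinct peers."""
    inbound, outbound = defaultdict(set), defaultdict(set)
    for _, src, dst, _ in flows:
        outbound[src].add(dst)
        inbound[dst].add(src)
    return sorted(h for h in inbound
                  if len(inbound[h]) >= min_peers
                  and len(outbound.get(h, ())) >= min_peers)

def report_fan_in(flows, window=60, min_sources=4):
    """Destinations contacted by at least min_sources distinct hosts within window seconds."""
    by_dst = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_dst[dst].append((ts, src))
    hits = {}
    for dst, events in by_dst.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            sources = {s for _, s in events[start:end + 1]}
            if len(sources) >= min_sources:
                hits[dst] = sorted(sources)
                break
    return hits
```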