25-06-2012, 04:20 PM
Awareness Of Large Scale Botnet And Honeypot Tracing Services
Introduction
A botnet is a group of computers that are controlled from a single source and run related software programs and scripts.
Although botnets can be used for distributed computing purposes, such as scientific processing, the term usually refers to multiple computers that have been infected with malicious software.
A hacker may create a botnet for several different purposes, such as spreading viruses, sending e-mail spam, or crashing.
Existing System
A honeypot algorithm is used in this system.
It is mainly used for scanning. It scans for misconfiguration files, mismatching files and intruder (hacker) attacks.
The scanned files are stored in the system's own database as attackers.
Abstract
Our goal is to develop methodologies by which sites receiving probes can infer—using purely local observation.
We propose a method to identify and group together traces left on honeypots by machines belonging to the same botnet(s), without having any a priori information at our disposal regarding these botnets.
To distinguish the relevant traces from the other ones, we group them according to either the platforms, i.e. the targets hit, or the countries of origin of the attackers.
Drawbacks Of Existing System
Even though the existing algorithm identifies attackers, including misconfiguration and mismatching files, authenticated users who mistakenly enter wrong data are also stored as intruders.
So, the system cannot receive data from the appropriate users.
Proposed System
We are developing techniques for recognizing botnet scanning strategies and inferring the global properties of botnet events.
The techniques are:
(i) Hitlist Checking
(ii) Event Extraction
Web Browser
WebBrowser is the main form. It provides web browsing; using it, we can browse any website.
A botnet is a group of computers connected to the Internet that have been taken over by a hacker.
The hacker controls all the computers and they behave like a “Robot network”.
Botnets contain anywhere from 100 to 1000 computers.
Traffic Classification
Attack traffic can have complex session structures involving multiple application protocols.
We consider all those connections within of each other as part of the same session for a given pair of hosts.
We used the same threshold, s, and found that this appeared to correctly group the majority of connections between any given pair of hosts.
Conclusion
In this paper, we developed techniques for recognizing botnet scanning strategies and inferring the global properties of botnet events.
An evaluation of our tools using extensive honeynet and DShield data demonstrates the promise our approach holds for contributing to a site’s “situational awareness”.
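The session grouping described under Traffic Classification can be sketched as follows. This is an added example, not code from the presentation: the `Conn` record, the function names, the sample log and the 60-second gap are all assumptions, since the post does not give the threshold value.

```python
from collections import defaultdict
from typing import NamedTuple

class Conn(NamedTuple):
    ts: float   # connection start time in seconds
    src: str
    dst: str
    dport: int

def group_sessions(conns, gap_seconds):
    """Split each host pair's connections into sessions.

    Assumption: the gap is measured between the start times of
    consecutive connections for the same (src, dst) pair.
    """
    by_pair = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        by_pair[(c.src, c.dst)].append(c)
    sessions = []
    for items in by_pair.values():
        current = [items[0]]
        for c in items[1:]:
            if c.ts - current[-1].ts <= gap_seconds:
                current.append(c)       # still the same session
            else:
                sessions.append(current)
                current = [c]           # gap too long: new session
        sessions.append(current)
    return sorted(sessions, key=lambda s: s[0].ts)

def summarize(session):
    """One row per session: who, when, and which ports were touched, in order."""
    first, last = session[0], session[-1]
    return (first.src, first.dst, first.ts, last.ts, [c.dport for c in session])

# Constructed honeypot connection log (documentation address ranges).
SAMPLE = [
    Conn(0, "203.0.113.5", "192.0.2.10", 135),
    Conn(10, "198.51.100.7", "192.0.2.10", 22),
    Conn(20, "203.0.113.5", "192.0.2.10", 445),
    Conn(30, "198.51.100.7", "192.0.2.10", 22),
    Conn(45, "203.0.113.5", "192.0.2.10", 4444),
    Conn(400, "203.0.113.5", "192.0.2.10", 445),
]

if __name__ == "__main__":
    for s in group_sessions(SAMPLE, gap_seconds=60):  # 60 s is an assumed value
        print(summarize(s))
```

Grouping by host pair first keeps a multi-protocol probe sequence (here ports 135, 445, 4444) in one session even when another source is hitting the same honeypot at the same time.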