Botnets: The Rising Internet Threat and New Detection Techniques
Date: Wednesday, May 20, 2009
Time: 2:00pm - 3:00pm
Location: LBNL Bldg. 50A, Room 5132
Speaker:
Guofei Gu
Texas A&M University
Abstract:
Most of the attacks and fraudulent activities on the Internet are
carried out by malware. In particular, botnets have become the primary
"platforms" for attacks on the Internet. A botnet is a network of
compromised computers (or, bots) that are under the control of an
attacker (or, botmaster). A botnet typically has tens to hundreds of
thousands of bots, but some have had several million bots. Botnets
are now used for distributed denial-of-service attacks, spam,
phishing, information theft, etc. With the magnitude and the potency
of attacks afforded by their combined bandwidth and processing
power, botnets are now considered the largest threat to Internet
security.
In this talk, I focus on addressing the botnet detection problem in
an enterprise-like network environment. I present a
correlation-based framework for botnet detection that consists of
detection technologies already demonstrated in several systems
(BotHunter, BotSniffer, BotMiner, and BotProber). The common thread
of these systems is correlation analysis (vertical correlation,
horizontal correlation, and cause-effect correlation). I will mainly
discuss BotHunter, BotSniffer, BotMiner and their corresponding
correlation techniques/algorithms in this talk. These systems have
been evaluated in live networks and/or real-world network traces,
and the results show that they can detect real-world botnets with a
very low false positive rate.
Host of Seminar:
Juan Meza