Exploiting Temporal Persistence to Detect Covert Botnet Channels [chapter]

Frederic Giroire, Jaideep Chandrashekar, Nina Taft, Eve Schooler, Dina Papagiannaki
2009 Lecture Notes in Computer Science  
We describe a method to detect botnet command and control traffic and individual end-hosts.  ...  Very persistent destination atoms are added to a host's whitelist during a training period.  ...  The notion of persistence, a key contribution of this work, turns out to be critical in detecting the covert channel communication of botnets.  ... 
doi:10.1007/978-3-642-04342-0_17 fatcat:6erdzg5ozzdbblj7xatoqzvcwu

On Botnets That Use DNS for Command and Control

Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann
2011 2011 Seventh European Conference on Computer Network Defense  
Index Terms: malware detection; botnet detection; DNS; command and control. To our knowledge, we are the first to document [footnote 1: There is only anecdotal evidence for DNS as botnet C&C [9].]  ...  In addition, we correctly detected DNS C&C in mixed office workstation network traffic.  ...  Instead, we exploit rdata features and persistent communication behavior to detect DNS C&C. The third group of related work covers DNS covert communication.  ... 
doi:10.1109/ec2nd.2011.16 dblp:conf/ec2nd/DietrichRFBSP11 fatcat:66dxi7nxxbhspjaa6fii7qku6e

Trends and Challenges in Network Covert Channels Countermeasures

Luca Caviglione
2021 Applied Sciences  
Network covert channels are increasingly used to endow malware with stealthy behaviors, for instance to exfiltrate data or to orchestrate nodes of a botnet in a cloaked manner.  ...  Unfortunately, the detection of such attacks is difficult as network covert channels are often characterized by low data rates and defenders do not know in advance where the secret information has been  ...  or to orchestrate botnets [10].  ... 
doi:10.3390/app11041641 fatcat:yjzptmbvabhhvm6mmxatede2km

Analysis of a "/0" stealth scan from a botnet

Alberto Dainotti, Alistair King, kc Claffy, Ferdinando Papale, Antonio Pescapè
2012 Proceedings of the 2012 ACM conference on Internet measurement conference - IMC '12  
This 12-day scan originated from approximately 3 million distinct IP addresses and used a heavily coordinated and unusually covert scanning strategy to try to discover and compromise VoIP-related (SIP  ...  Botnets carry out network scans for several reasons, including searching for vulnerable machines to infect and recruit into the botnet, probing networks for enumeration or penetration, etc.  ...  ACKNOWLEDGMENT The authors would like to thank the following people: J. Stewart with SecureWorks for helping to identify the sipscan binary; K.  ... 
doi:10.1145/2398776.2398778 dblp:conf/imc/DainottiKcPP12 fatcat:ef7rjfxs45b4zmrsjzg7ynfmju

Analysis of a "/0" Stealth Scan From a Botnet

Alberto Dainotti, Alistair King, Kimberly Claffy, Ferdinando Papale, Antonio Pescape
2015 IEEE/ACM Transactions on Networking  
This 12-day scan originated from approximately 3 million distinct IP addresses and used a heavily coordinated and unusually covert scanning strategy to try to discover and compromise VoIP-related (SIP  ...  Botnets carry out network scans for several reasons, including searching for vulnerable machines to infect and recruit into the botnet, probing networks for enumeration or penetration, etc.  ...  ACKNOWLEDGMENT The authors would like to thank the following people: J. Stewart with SecureWorks for helping to identify the sipscan binary; K.  ... 
doi:10.1109/tnet.2013.2297678 fatcat:k56znsfbxbhe7f2rpqsvsvm7pu

The Security of IP-Based Video Surveillance Systems

Naor Kalbo, Yisroel Mirsky, Asaf Shabtai, Yuval Elovici
2020 Sensors  
The purpose of this review is to provide researchers and engineers with a better understanding of modern surveillance systems' security, to harden existing systems and develop improved security solutions  ...  Unfortunately, like other IoT systems, there are inherent security risks which can lead to significant violations of a user's privacy.  ...  Covert Exfiltration Channel: Some surveillance systems are air-gapped (not connected to any other network) as a security measure.  ... 
doi:10.3390/s20174806 pmid:32858840 fatcat:3fp4iwcbojcszft4iqtkjmmvhq

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences [article]

Joseph Gardiner, Marco Cova, Shishir Nagaraja
2015 arXiv pre-print
We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels.  ...  We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence  ...  To make channel detection and blocking more difficult, attackers also use covert communication mechanisms that mimic regular traffic patterns.  ... 
arXiv:1408.1136v2 fatcat:dhhjzhq44rgqxojwfaw324ehh4

Behavioral Mimicry Covert Communication [chapter]

Seyed Ali Ahmadzadeh, Gordon Agnew
2012 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
The regularity score is designed to detect the temporal abnormal behaviors of the covert transmitter.  ...  In principle, the regularity test is designed to detect the temporal abnormal behaviors of the covert transmitter.  ... 
doi:10.1007/978-3-642-31909-9_8 fatcat:uz5vx5lvzvh2vfqmcpnk2gnqza

Domain Name System Security and Privacy: A Contemporary Survey [article]

Aminollah Khormali, Jeman Park, Hisham Alasmary, Afsah Anwar, David Mohaisen
2020 arXiv pre-print
However, due to the vulnerability of DNS to various threats, its security and functionality have been continuously challenged over the course of time.  ...  In order to comprehensively understand the root causes of the vulnerabilities of DNS, it is mandatory to review the various activities in the research community on DNS landscape.  ...  An adaptive attacker may still succeed in the attack by using a fake name server, that enables off-path traffic analysis and a covert channel [99].  ... 
arXiv:2006.15277v1 fatcat:loknouehirdhvdgztkevi27vse

Cyber-Physical Systems Security: Limitations, Issues and Future Trends

Jean-Paul A. Yaacoub, Ola Salman, Hassan N. Noura, Nesrine Kaaniche, Ali Chehab, Mohamad Malli
2020 Microprocessors and microsystems  
Their integration with IoT led to a new CPS aspect, the Internet of Cyber-Physical Things (IoCPT).  ...  They are closely related to Internet of Things (IoT) systems, except that CPS focuses on the interaction between physical, networking and computation processes.  ...  botnets, Trojans or worms to infiltrate information through a CPS encrypted channel from an internal system (i.e., PLC, ICS or RTU) through the reliance on Trusted Third Party in disguise, to a botnet Command-and-Control  ... 
doi:10.1016/j.micpro.2020.103201 pmid:32834204 pmcid:PMC7340599 fatcat:omeihta4vbe55cohyhbhi56mzm

THAAD: Efficient Matching Queries under Temporal Abstraction for Anomaly Detection [article]

Roni Mateless, Michael Segal, Robert Moskovitch
2019 arXiv pre-print
In this paper we present a novel algorithm and efficient data structure for anomaly detection based on temporal data.  ...  Moreover, we introduce a new parameter to control the pairwise difference between the corresponding symbols in addition to a distance metric between the subsequences.  ...  Born and Gustafson [40] researched a method for detecting covert channels in DNS using character frequency analysis.  ... 
arXiv:1911.00336v2 fatcat:knsyxoynxzgt3olvarva2xdwxy

Presence Metadata in the Internet of Things: Challenges and Opportunities

Robert Hegarty, John Haggerty
2020 Proceedings of the 6th International Conference on Information Systems Security and Privacy  
To demonstrate the exploitation of metadata and its threat to privacy, this paper presents Meta-Blue, a Bluetooth Low Energy metadata capture, analysis, and visualisation tool.  ...  Abstract: The Internet of Things is an emerging computing paradigm that promises to revolutionise society.  ...  Issoufaly and Tournoux investigate the exploitation of a Botnet of Bluetooth Low Energy devices for large scale individual tracking in BLEB (Issoufaly, 2017).  ... 
doi:10.5220/0009094106310638 dblp:conf/icissp/HegartyH20 fatcat:synmtxyq4jayhdzcw7tfvfdhym

Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace

Erik Gartzke, Jon R. Lindsay
2015 Security Studies  
Because cyber aggression exploits the same open channels used for legitimate commerce and communication, offensive techniques cannot simply be prevented or proscribed.  ...  Covert attackers must exercise restraint against complex targets in order to avoid compromises resulting in mission failure or retaliation.  ...  If the covert sources or methods used to create a surreptitious information channel are compromised, then the target of collection can rapidly change its behavior or otherwise move secrets out of the spy's  ... 
doi:10.1080/09636412.2015.1038188 fatcat:lssjlnctpvatlgsajmo2m3rrbi

A Study of Newly Observed Hostnames and DNS Tunneling in the Wild [article]

Dennis Tatang, Florian Quinkert, Nico Dolecki, Thorsten Holz
2019 arXiv pre-print
DNS tunneling is a covert channel technique to transfer arbitrary information over DNS via DNS queries and answers.  ...  This technique is often (ab)used by attackers to transfer data in a stealthy way, bypassing traditional network security systems.  ...  Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon.  ... 
arXiv:1902.08454v1 fatcat:2kr4mfpzafgevc6yuvjlcq5yme

An empirical reexamination of global DNS behavior

Hongyu Gao, Vinod Yegneswaran, Yan Chen, Phillip Porras, Shalini Ghosh, Jian Jiang, Haixin Duan
2013 Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM - SIGCOMM '13  
Furthermore, we propose a novel approach that detects malicious domain groups using temporal correlation in DNS queries.  ...  We use this dataset to reaffirm findings in published work and notice some significant differences that could be attributed both to the evolving nature of DNS traffic and to our differing perspective.  ...  We are grateful to Paul Vixie and the SIE contributors for providing us access to this extraordinary data source.  ... 
doi:10.1145/2486001.2486018 dblp:conf/sigcomm/GaoYCPGJD13 fatcat:7rmcjuq7b5biffwthwjoj7h7py