The Next Generation Botnet Attack

22 Jan
Thursday, 01/22/2009 11:00am to 12:00pm
Seminar

Cliff Zou
University of Central Florida
School of Electrical Engineering and Computer Science

Computer Science Building, Room 151

A botnet is a network of compromised computers that are controlled by an attacker. In recent years, botnets have become one of the major security threats to our society as the platform of choice for launching various attacks on the Internet, such as spam, phishing, distributed denial-of-service attacks, and key logging. As people gradually pay attention to botnet attacks and set up defense systems, attackers will design and deploy next-generation botnets that have more robust communication architectures and are harder to monitor or detect.

In this talk, I will introduce our study of three possible moves by attackers in designing the next generation of botnets. First, attackers may change the current centralized command and control (C2) infrastructure of their botnets to a peer-to-peer structure. This will make the botnet C2 structure more resilient against defenders' removal defenses. Based on the unique requirements of botnet attackers, we present a practical hybrid peer-to-peer botnet design. Second, as defenders develop and deploy honeypots in their detection and defense systems, attackers will design their botnets to be immune to honeypot monitoring and spying. We present general honeypot-detection techniques based on the fact that security defenders face liability constraints that prevent them from letting their honeypots send out real attacks. Third, attackers will design their botnet code to be stealthier in order to keep control of compromised machines for as long as possible. We study the OS-independent hardware-level rootkit techniques that might be deployed in next-generation botnets.

Bio:

Dr. Cliff Zou received his Ph.D. degree from the Department of Electrical and Computer Engineering at the University of Massachusetts, Amherst in 2005. After graduation, he became an Assistant Professor in the School of Electrical Engineering and Computer Science at the University of Central Florida. His research interests include computer and network security, network modeling, and performance evaluation. More information about his research can be found at: http://www.eecs.ucf.edu/~czou/