This document summarizes different botnet architectures including centralized, peer-to-peer, hybrid, and HTTP with peer-to-peer. It describes the life cycle of bots from infection to performing malicious tasks. It also discusses a self-healing system architecture inspired by how biological systems develop immunity. The conclusion states that botnets have a direct influence on cybercrime and it is an ongoing effort between attacks and defenses.
1. A STUDY ON BOTNET ARCHITECTURE
Seminar Guide: SHIBU V.S, Asst. Professor
By: BINI B.S, M1, CSE
2. Overview
Introduction
How Botnet Works
Botnet Life Cycle
Botnet Architecture
Centralized Botnet Architecture.
Peer to Peer Botnet Architecture (P2P).
Hybrid Botnet Architecture.
Hyper Text Transfer Protocol with Peer to Peer (HttP2P) Botnet Architecture.
Self-healing system Architecture.
Conclusion
References
3. Introduction
BOTNET, or Robot Network, is one of the biggest network security
threats faced by home users, organizations, and governments.
A “BOTNET” is a network of compromised computers (“bots”)
connected to the Internet that is controlled by a remote
attacker (“botmaster”).
Created by intelligent and up-to-date hackers.
5. Botnet Life Cycle
• Once a botnet infects a computer, the bot usually
steals something such as personal information,
authentication credentials or credit card data.
• The machine then becomes part of the botnet,
ready to perform designated malicious tasks.
• Common functions in most botnets include
DDoS attacks, click fraud, spam, phishing etc.
7. Botnet Architecture
Different types of BOTNET architectures:
i. Centralized Botnet Architecture.
ii. Peer to Peer Botnet Architecture (P2P).
iii. Hybrid Botnet Architecture.
iv. Hyper Text Transfer Protocol with Peer to Peer Botnet Architecture.
8. I. Centralized Botnet Architecture
• Oldest and easiest architecture to manage and
control botnets.
• All the zombie computers are supervised
from a central point, which makes them easy to
manage.
• The disadvantage: the entire botnet can be
shut down if the defender captures the C&C
server.
• Examples: AgoBot, SDBot, SpyBot, GTBot etc.
10. II. Peer to Peer Botnet Architecture
• Used to remove the drawbacks of the centralized
architecture.
• A P2P-based network is much harder to shut down.
• In this architecture a node can act as a client (soldier
bot) as well as a server (supervisor bot), and there is
no centralized point such as a C&C server.
• Examples: Phatbot and Peacomm.
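To make the takedown argument of the last two slides concrete, here is an added example (editor-written, not code from the original slides): a small Python model that builds a centralized and a P2P topology on constructed data, seizes the best-connected node, as a defender capturing the C&C server would, and measures how many of the remaining bots can still reach each other. The function names `largest_component`, `takedown_impact`, `centralized` and `p2p` are chosen here, not taken from any botnet or tool.

```python
import random


def largest_component(edges, removed):
    """Largest set of non-removed nodes still mutually reachable over
    the remaining links, i.e. bots that could still be commanded as a unit."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    alive = set(adj) - set(removed)
    best, seen = 0, set()
    for start in alive:
        if start in seen:
            continue
        size, stack = 0, [start]
        seen.add(start)
        while stack:  # depth-first walk of one connected component
            node = stack.pop()
            size += 1
            for peer in adj[node]:
                if peer in alive and peer not in seen:
                    seen.add(peer)
                    stack.append(peer)
        best = max(best, size)
    return best


def takedown_impact(edges, k=1):
    """Seize the k best-connected nodes (the natural takedown target) and
    return (seized nodes, fraction of surviving nodes still connected)."""
    degree = {}
    for a, b in edges:
        degree[a] = degree.get(a, 0) + 1
        degree[b] = degree.get(b, 0) + 1
    seized = sorted(degree, key=lambda n: -degree[n])[:k]
    return seized, largest_component(edges, seized) / (len(degree) - k)


def centralized(n):
    # constructed topology: one C&C server "cc"; each bot talks only to it
    return [("cc", f"bot{i}") for i in range(n)]


def p2p(n, peers=4, seed=0):
    # constructed topology: every bot keeps links to `peers` random other bots
    rng = random.Random(seed)
    bots = [f"bot{i}" for i in range(n)]
    edges = set()
    for bot in bots:
        for peer in rng.sample([b for b in bots if b != bot], peers):
            edges.add(tuple(sorted((bot, peer))))
    return sorted(edges)
```

Calling `takedown_impact(centralized(20))` seizes `cc` and leaves 5% of the bots linked (each is isolated), while `takedown_impact(p2p(20))` removes one well-connected bot and leaves the rest still reachable from one another.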
12. III. Hybrid Botnet Architecture
• It is harder to shut down, monitor, and hijack.
• A botmaster could easily monitor the entire botnet by
issuing a report command, and it makes the bots harder
to detect.
14. IV. Hyper Text Transfer Protocol with Peer to Peer:
• The Supervisor-Bot encrypts the message.
• It continuously searches for a Soldier-Bot, and when
one is found, delivers the message to it.
• The Soldier-Bot does not contact the Supervisor-Bot
on its own; rather, it waits for a call from its
supervisor.
15. Self healing System Architecture
• Concept is inspired by the way organisms adapt
to their environment by developing immunity
against harmful viruses, bacteria and toxins.
• It is based on a study of two HTTP-based
botnets, Zeus and BlackEnergy, and two P2P
botnets, Waledac and Storm.
16. Self healing System Architecture (cont..)
• It enables networked systems to look
continuously for any alteration of “normal
behavior” and apply appropriate corrective
actions.
• It can recognize when it is not operating
correctly and correct itself with little or no human
intervention.
17. V. Self healing System Architecture (cont..)
• It is optimized for a domain controlled network
that connects to a large geographic region.
• Its main application is as a defense-in-depth security
solution for domain-controlled enterprise
networks.
19. Conclusion
• Botnets have a direct influence on the number of
cybercrimes committed. We have to be well
prepared for future botnets. It is an ongoing war
between botnet attacks and defenses.