Cyber Crime and Cyber Terrorism
Cyber crime and cyber terrorism investigators handbook by Babak

CHAPTER 17 Responding to cyber crime and cyber terrorism
dissection of high-bandwidth data streams at an early stage. This is generally only possible at ISP level (Leder et al., 2009).
Two completely different approaches to botnet hunting are based on protocol failure information analysis (Zhu et al., 2009) and passive DNS protocol analysis (Bilge et al., 2011) to detect zombies. The first one uses a new behavior-based approach to detect infected hosts within an enterprise network. The goal is to develop a system that is independent of the malware family and requires no "a priori" knowledge of malware semantics or command and control (C&C) mechanisms. The approach is motivated by the simple observation that many malware communication patterns result in abnormally high failure rates; this observation is extended to cover a broad class of failures at both the transport and application levels of TCP/IP. In fact, a survey conducted on 32 different malware instances highlighted some common failure messages, listed in Figure 17.11.
From a quantitative point of view, the survey found that most malware instances (18/24 instances) triggered DNS failures.
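As an added illustration, not code from the handbook or from the cited papers, the following Python sketch applies the failure-rate idea to a constructed event log: it counts DNS, TCP and HTTP failures per internal host and flags hosts whose overall failure rate is abnormally high. The event fields, the failure classes and the thresholds are assumptions made for this example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log (not real traffic): one record per DNS query or
# connection attempt seen at the enterprise border.
# Fields: source host, protocol layer (dns|tcp|http), observed outcome.
SAMPLE_EVENTS: List[Tuple[str, str, str]] = [
    ("10.0.0.5", "dns", "NOERROR"),  ("10.0.0.5", "tcp", "SYN_ACK"),
    ("10.0.0.5", "http", "200"),     ("10.0.0.5", "dns", "NXDOMAIN"),
    ("10.0.0.5", "tcp", "SYN_ACK"),  ("10.0.0.5", "http", "200"),
    # Second host: repeated NXDOMAIN answers, refused/timed-out connections
    # and HTTP errors, the failure-heavy pattern a bot produces while it
    # searches for a C&C rendezvous point that is down or not yet registered.
    ("10.0.0.9", "dns", "NXDOMAIN"), ("10.0.0.9", "dns", "NXDOMAIN"),
    ("10.0.0.9", "dns", "NXDOMAIN"), ("10.0.0.9", "dns", "NOERROR"),
    ("10.0.0.9", "tcp", "RST"),      ("10.0.0.9", "tcp", "TIMEOUT"),
    ("10.0.0.9", "http", "404"),     ("10.0.0.9", "http", "404"),
]

# Outcomes treated as failures at each layer (assumed classes for this example;
# transport-level and application-level failures are both counted, as the
# text describes).
FAILURE_OUTCOMES: Dict[str, set] = {
    "dns": {"NXDOMAIN", "SERVFAIL", "REFUSED"},
    "tcp": {"RST", "TIMEOUT"},
    "http": {"403", "404", "500"},
}


def failure_rates(events) -> Dict[str, Tuple[int, int, float]]:
    """Return {host: (failures, total_events, failure_rate)} over all layers."""
    counts = defaultdict(lambda: [0, 0])  # host -> [failures, total]
    for host, layer, outcome in events:
        counts[host][1] += 1
        if outcome in FAILURE_OUTCOMES.get(layer, set()):
            counts[host][0] += 1
    return {h: (f, t, f / t) for h, (f, t) in counts.items()}


def flag_suspicious(events, threshold: float = 0.5, min_events: int = 5) -> List[str]:
    """Hosts whose failure rate exceeds the threshold, given enough observations.

    min_events guards against flagging a host on one or two unlucky lookups;
    no knowledge of any malware family or C&C protocol is required.
    """
    return sorted(
        host for host, (_f, total, rate) in failure_rates(events).items()
        if total >= min_events and rate > threshold
    )


if __name__ == "__main__":
    for host, (f, t, rate) in failure_rates(SAMPLE_EVENTS).items():
        print(f"{host}: {f}/{t} failures, rate={rate:.2f}")
    print("suspicious:", flag_suspicious(SAMPLE_EVENTS))
```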
Because of the important role that DNS plays in the operation of the Internet, the second approach is based exclusively on analysis of this protocol. It is not surprising that a wide variety of malicious activities involve the domain name service in one way or another. Bots resolve DNS names to locate their C&C servers, and spam mails contain URLs that link to domains that resolve to scam servers. Thus, it seems effective to monitor the use of the DNS system in order to investigate whether a certain name is used as part of a malicious operation.
If the IP address of the C&C is hard-coded into the bot binary, there exists a single point of failure for the botnet. Whenever this address is identified and taken down, the botnet is lost. So attackers, by using DNS, gain the flexibility and fault tolerance they need in the malicious architectures that they manage. Furthermore,