Botnet-based cyber attacks and ways to counter them

Authors

1 - Faculty member, Faculty of Computer and Information Technology, Shahid Sattari Air University

2 - M.A. in Business Administration, lecturer at Shahid Sattari Air University

Abstract

Botnets are one of the growing threats on the Internet and computer networks. A botnet is a network of infected, Internet-connected computers that are under the control of a command and control server[1] and are used for Internet attacks such as denial-of-service attacks[2] and sending spam. Botnets expand the domain under their control by identifying vulnerable systems on the network and compromising them. Botnets are advancing rapidly and use new technologies such as fast flux or peer-to-peer to trap users and increase the protection of their infected computers. In this paper, along with introducing the concepts related to botnets, the way they are created and spread in the systems of the Armed Forces of the Islamic Republic of Iran is examined, and finally suggestions are presented for increasing the security of the networks used in the armed forces.


 

Keywords


Article title [English]

Botnet-based cyber attacks and the methods of confronting them

Authors [English]

  • Salman Karimi 1
  • Abbas Mahdavikia 2
Abstract [English]

Botnets are one of the rising threats on the Internet and computer networks. A botnet is a network of infected computers connected to the Internet that is controlled by command and control servers and is used for Internet attacks such as denial of service attacks and for sending spam. Botnets expand their sphere of control by detecting vulnerable systems in the network and compromising them. Botnets are rapidly improving, and they use new technologies such as fast flux to trap more users and enhance the protection of infected computers for their own benefit. In this paper, the botnet-related concepts are introduced, their development and expansion are explained, and after an examination of the threats created by them, the methods of detecting and dealing with them in the IRI Armed Forces systems are studied. Finally, suggestions for the enhancement of network security in the Armed Forces are proposed.

Keywords [English]

  • Network Security
  • Cyber war
  • Botnets

[1]     E. Passerini, et al., "FluXOR : Detecting and Monitoring Fast-Flux Service Networks," in Detection of Intrusions and Malware, and Vulnerability Assessment. vol. 5137, D. Zamboni, Ed., ed: Springer Berlin / Heidelberg, 2008, pp. 186-206.

[2]     J. Nazario and T. Holz, "As the net churns: Fast-flux botnet observations," in Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on, 2008, pp. 24-31.

[3]     C. Brandhorst and A. Pras, "DNS: A Statistical Analysis of Name Server Traffic at Local Network-to-Internet Connections," in EUNICE 2005: Networks and Applications Towards a Ubiquitously Connected World. vol. 196, C. Kloos, et al., Eds., ed: Springer Boston, 2006, pp. 255-270.

[4]     http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot

[5]     J. Goebel and T. Holz, "Rishi: identify bot contaminated hosts by IRC nickname evaluation," presented at the Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA, 2007.

[6]     A. Ramachandran, et al., "Revealing botnet membership using DNSBL counter-intelligence," presented at the Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2, San Jose, CA, 2006.

[7]     R. Villamarin-Salomon and J. C. Brustoloni, "Identifying Botnets Using Anomaly Detection Techniques Applied to DNS Traffic," in Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE, 2008, pp. 476-481.

[8]     C. Hyunsang, et al., "Botnet Detection by Monitoring Group Activities in DNS Traffic," in Computer and Information Technology, 2007. CIT 2007. 7th IEEE International Conference on, 2007, pp. 715-720.

[9]     M. Bailey, et al., "A Survey of Botnet Technology and Defenses," in Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology, 2009, pp. 299-304.

[10]   G. Gu, et al., "BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection," presented at the Proceedings of the 17th conference on Security symposium, San Jose, CA, 2008.

[11]   A. Caglayan, et al., "Behavioral analysis of fast flux service networks," presented at the Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, Oak Ridge, Tennessee, 2009.

[12]   A. Caglayan, et al., "Real-Time Detection of Fast Flux Service Networks," in Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology, 2009, pp. 285-292.

[13]   K. Yuji, "Bot Detection Based on Traffic Analysis," in The 2007 International Conference on Intelligent Pervasive Computing (IPC 2007), Jeju Island, Korea, 2007, pp. 303-306.

[14]   D. Dagon, et al., "A taxonomy of botnets," in Proceedings of CAIDA DNS-OARC Workshop, San Jose, CA, 2005.

[15]   G. Ollmann, "Botnet communication topologies," Damballa white paper, 2009.

[16]   Samuel Greengard, "The war against botnets," Communications of the ACM, Volume 55, Issue 2, February 2012.

[17]   Manoj Rameshchandra Thakur, et al., "Detection and prevention of botnets and malware in an enterprise network," International Journal of Wireless and Mobile Computing, Volume 5, Number 2, 2012.