BOTNET DETECTION AND MITIGATION USING HONEYPOTS

Abstract

The technological advances in the fields of networking and distributed computing have been in an increasing growth trend. And as the curve rise, the ease of access to these remote computers and networking devices for carrying out various measures like communication, data transmission and various transactions have also seen a significant increase especially in the recent years. Security of such infrastructure have always been a major concern for both hardware and software vendors. Although a number of solutions have been proposed and implemented over the time to combat the security vulnerabilities, the impact of the black hats (attackers and hackers) are always at par with those of the security defenders. Botnet phenomenon is one such threat to the security of any network systems and its end users which has already gained a widespread negative impact worldwide. Threats via a botnet include a wide range of malicious activities like spam distribution, malware, phishing, launching DDoS/DoS, identity theft, illegal resource utilization and many more. Therefore it has become an utmost necessity from security point of view to come up with an efficient and robust botnet detection and mitigation technique. While a wide range of solutions have already come up in the research history, the honeypot technology in detection of bots and botnets is one significant approach and is still in its infant stage. This thesis aims towards having a complete understanding of the botnet phenomenon, its architecture, types, lifecycle and various detection mechanisms. The honeypot technology is also studied in depth especially in context to its application in network security. Deployment of honeypots for detecting bots and botnets being the primary goal of this thesis, work is done to implement a centralized botnet command and control architecture. A low interaction honeypot is deployed in the compromised bot machines and servers to perform a monitoring activity for the attackers trying to connect and also logging information for further study and analysis.