| Title: | Honeynet design and implementation |
| Author: | Artore, Diane |
| Abstract: | Over the past decade, webcriminality has become a real issue. Because they allow the botmasters to control hundreds to millions of machines, botnets became the first-choice attack platform for the network attackers, to launch distributed denial of service attacks, steal sensitive information and spend spam emails. This work aims at designing and implementing a honeynet, specific to IRC bots. Our system works in 3 phasis: (1) binaries collection, (2) simulation, and (3) activity capturing and monitoring. Our phase 2 simulation uses an IRC redirection to extract the connection information thanks to a IRC redirection (using a DNS redirection and a "fakeserver"). In phase 3, we use the information previously extracted to launch our honeyclient, which will capture and monitor the traffic on the C&C channel. Thanks to our honeynet, we create a database of the activity of IRC botnets (their connection characteristics, commands on the C&C ), and hope to learn more about their behavior and the underground market they create. |
| Type: | Thesis |
| URI: | http://hdl.handle.net/1853/22614 |
| Date: | 2007-12-20 |
| Publisher: | Georgia Institute of Technology |
| Subject: |
Botnets
Honeynets IRC bots Computer networks--security measures Computer hackers |
| Department: | Computing |
| Advisor: | Committee Chair: Wenke Lee; Committee Member: Jonathon Giffin; Committee Member: Mustaque Ahamad |
| Degree: | M.S. |
| Files | Size | Format | View |
|---|---|---|---|
| artore_diane_a_200805_mast.pdf | 1.014Mb |
View/
|
