Protecting web 2.0 services from botnet exploitations

Nguyen H. Vo, Josef Pieprzyk

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

8 Citations (Scopus)
51 Downloads (Pure)

Abstract

Recently, the botnet, a network of compromised computers, has been recognized as the biggest threat to the Internet. The bots in a botnet communicate with the botnet owner via a communication channel called the Command and Control (C&C) channel. There are three main C&C channels: Internet Relay Chat (IRC), Peer-to-Peer (P2P) and web-based protocols. By exploiting the flexibility of the Web 2.0 technology, the web-based botnet has reached a new level of sophistication. In August 2009, such a botnet was found on Twitter, one of the most popular Web 2.0 services. In this paper, we will describe a new type of botnet that uses a Web 2.0 service as a C&C channel and a temporary storage for their stolen information. We will then propose a novel approach to thwart this type of attack. Our method applies a unique identifier of the computer, an encryption algorithm with session keys and a CAPTCHA verification.

Original language: English
Title of host publication: Proceedings - 2nd Cybercrime and Trustworthy Computing Workshop, CTC 2010
Place of Publication: Piscataway, NJ
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 18-28
Number of pages: 11
ISBN (Print): 9780769541860
Publication status: Published - 2010
Event: 2nd Cybercrime and Trustworthy Computing Workshop, CTC - 2010 - Ballarat, Australia
Duration: 19 Jul 2010 → 20 Jul 2010

Other

Other: 2nd Cybercrime and Trustworthy Computing Workshop, CTC - 2010
Country: Australia
City: Ballarat
Period: 19/07/10 → 20/07/10

Bibliographical note

Copyright 2010 IEEE. Reprinted from Second Cybercrime and Trustworthy Computing Workshop : Ballarat, Victoria, Australia, 19-20 July 2010. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.
