Abstract
Recently, the botnet, a network of compromised computers, has been recognized as the biggest threat to the Internet. The bots in a botnet communicate with the botnet owner via a communication channel called the Command and Control (C&C) channel. There are three main C&C channels: Internet Relay Chat (IRC), Peer-to-Peer (P2P) and web-based protocols. By exploiting the flexibility of Web 2.0 technology, the web-based botnet has reached a new level of sophistication. In August 2009, such a botnet was found on Twitter, one of the most popular Web 2.0 services. In this paper, we describe a new type of botnet that uses a Web 2.0 service as a C&C channel and as temporary storage for its stolen information. We then propose a novel approach to thwart this type of attack. Our method applies a unique identifier of the computer, an encryption algorithm with session keys and a CAPTCHA verification.
Original language | English |
---|---|
Title of host publication | Proceedings - 2nd Cybercrime and Trustworthy Computing Workshop, CTC 2010 |
Place of Publication | Piscataway, NJ |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 18-28 |
Number of pages | 11 |
ISBN (Print) | 9780769541860 |
Publication status | Published - 2010 |
Event | 2nd Cybercrime and Trustworthy Computing Workshop, CTC - 2010 - Ballarat, Australia. Duration: 19 Jul 2010 → 20 Jul 2010 |
Other
Other | 2nd Cybercrime and Trustworthy Computing Workshop, CTC - 2010 |
---|---|
Country | Australia |
City | Ballarat |
Period | 19/07/10 → 20/07/10 |