TY - GEN
T1 - Protecting web 2.0 services from botnet exploitations
AU - Vo, Nguyen H.
AU - Pieprzyk, Josef
N1 - Copyright 2010 IEEE. Reprinted from Second Cybercrime and Trustworthy Computing Workshop : Ballarat, Victoria, Australia, 19-20 July 2010. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.
PY - 2010
Y1 - 2010
AB - Recently, the botnet, a network of compromised computers, has been recognized as the biggest threat to the Internet. The bots in a botnet communicate with the botnet owner via a communication channel called the Command and Control (C&C) channel. There are three main C&C channels: Internet Relay Chat (IRC), Peer-to-Peer (P2P) and web-based protocols. By exploiting the flexibility of Web 2.0 technology, the web-based botnet has reached a new level of sophistication. In August 2009, such a botnet was found on Twitter, one of the most popular Web 2.0 services. In this paper, we will describe a new type of botnet that uses a Web 2.0 service as a C&C channel and as temporary storage for its stolen information. We will then propose a novel approach to thwart this type of attack. Our method applies a unique identifier of the computer, an encryption algorithm with session keys and a CAPTCHA verification.
UR - http://www.scopus.com/inward/record.url?scp=78649880990&partnerID=8YFLogxK
U2 - 10.1109/CTC.2010.10
DO - 10.1109/CTC.2010.10
M3 - Conference proceeding contribution
AN - SCOPUS:78649880990
SN - 9780769541860
SP - 18
EP - 28
BT - Proceedings - 2nd Cybercrime and Trustworthy Computing Workshop, CTC 2010
PB - Institute of Electrical and Electronics Engineers (IEEE)
CY - Piscataway, NJ
T2 - 2nd Cybercrime and Trustworthy Computing Workshop, CTC - 2010
Y2 - 19 July 2010 through 20 July 2010
ER -