Research Critique
The ability of attackers to rapidly gain control of a vast number of Internet hosts poses an immense threat to the overall security of the Internet (Staniford, Paxson & Weaver, 2002). Once compromised, these hosts can not only be used for massive Distributed Denial of Service (DDoS) attacks, but can also be used to steal or corrupt great quantities of sensitive information by confusing and disrupting the network in more subtle ways (Honeynet, 2005). The attackers accomplish this task by sending an intrusion agent commonly known as a 'worm'. There are "two major types of malicious codes in the wild" (Todd, 2003, p. 2). These codes are differentiated by their means of propagation: worms are self-replicating, self-propagating, …
The first article to discuss self-replicating code within a C compiler appeared in 1984, by Thompson. The Morris worm was launched in 1988 and had a devastating effect on the Internet (Todd, 2003). Most research conducted so far has focused on modeling and detection of Internet worm propagation. However, the final objective of the research is containment and elimination of these worms, which has not received enough research attention (Zheng & Duan). This paper discusses a possible future network attack that will probably use an organized army of malicious nodes called malnets. These malnets are capable of delivering many different types of attacks. According to several researchers who are working on finding out how malicious worms propagate on the Internet, the ground has already been set (Honeynet, 2005; Zheng & Duan; Geer, 2005; Staniford, Paxson & Weaver, 2002). However, "partly due to the lack of understanding of the resiliency and efficiency a malnet can have, countering malnets has been ineffective" (Li, Ehrenkranz & Kuenning, 2005).
Placement of the article in the literature
The paper is very recent and appeared in 2005. Since the paper has an interesting and unique topic both in security of the Internet and how distributed systems of malicious bots work, it can be considered both as emerging seminal work
Cyber security threats change quickly as the Internet grows, and the related dangers are becoming increasingly international. Staying protected against cyber security threats requires all end users, even the most sophisticated ones, to know the threats and to improve their safety measures on a continuing basis. On April 28, 2014, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cyber security.” The Internet helps people in many ways; one example is collecting, storing, and processing huge amounts of data, including sensitive data belonging to small businesses as well as transactional and personal data. Nowadays, everything in this world is based on the Internet.
In conclusion, this paper discussed the popular topic of active defense and how traditional defenses aren’t very adequate anymore. Next, this paper discussed honeypots used to deceive attackers. This paper also discussed Computer Network Attack and Computer Network Defense and the legal impacts between the two. Lastly, this paper discussed the pros and cons of active
Since the onset of the first packet switching event that many believe to be the beginning of the Internet, no other technology besides the printing press has ever transformed the ability to deliver information. Although the Internet is used by a large percentage of the civilized world, few Americans realize how vital cyberspace is to our national infrastructure. Today, we are faced with even more threats, although it has been a recognized problem since 2009, when President Barack Obama said, “The cyber threat is one of the most serious economic and national security challenges we face as a nation. It’s also clear that we’re not as prepared as we should be, as a government or as a country” (Obama, 2009). Every industry that operates in the United States is dependent on the Internet for some aspect of its business. Commerce, transportation, financial institutions, the military, and industrial control systems are all interconnected. This interconnectedness has created vulnerabilities within their infrastructure that have increasingly become targets of terrorists, script kiddies, foreign governments and hackers of all types.
Ralph Langner’s article on the Stuxnet worm discusses the hardware, distribution and targets of the attack. He also goes into detail regarding the outlook of future attacks and what we can do to prevent them.
Each year there are many attempts by attackers to illegally gain entry into networks. Some attacks are designed to steal information, while others may attack a system to cause damage or disrupt services. Attacks can happen from anywhere in the world because of the Internet and networks. A person in China can hack into an American network; another example is the Stuxnet virus attack on Iran's nuclear power plant, which is thought to have come from Israel or the United States, although it is not certain where the virus originated. According to Merkow & Breithaupt (2006), viruses caused a greater financial loss than other computer crimes (p. 142). A worm is a type of virus that replicates, can easily infect a machine, and then spreads across the network by using the transport features of the computer or network.
Explains what a botnet is, how it is created and used, and the amount or types of data that can be collected over time. Antivirus software is reported to be able to track or monitor only a very low percentage of known botnets. One of the basic principles is almost a “throw everything at it and see what sticks” mentality, in that developers will employ a botnet by embedding it in a quasi-convincing spam message and hoping the reader is dumb enough to click on the link (Mittleman 67).
DNS is critical in the footprinting of a target network. It can sometimes save the attacker a lot of time, or at least corroborate other information that has been gathered. DNS is also a target for several types of attack.
When considering the technological advances over the past 50 years, the Internet has undoubtedly had the greatest impact on the everyday life of developed economies and their citizens. The world has become smaller, societies interconnected, and the pace of global integration dramatically increased since the introduction of the Internet. As people and information become increasingly integrated around the world, physical borders between nations are no longer sufficient to restrict access to information and sensitive data. This integrated world allows for malicious cyber actors to advance strategic
Viruses and worms are malicious programs that self-replicate on computers or through computer systems without the user being aware. Worms are programs that replicate themselves from system to system without the use of a host file. Worms use methods such as email messages or copying files to an accessible disk to infiltrate remote computers and launch replicas of themselves. A computer virus is a
There is no comprehensive approach to the processes involved in the normal operation of a botnet, either to the stages encompassing the life cycle or to the lack of compartmentalization between them (see Figure 1, Botnet Life cycle Taxonomy). Apart from normal operations, so far there is no qualitative analysis of how these stages should be characterized, defined, or distinguished. A proposed botnet life cycle starts with conception and ends with reaching the desired malicious intent, i.e. a successful attack, which can include DDoS, spam, phishing, or click fraud. The mechanisms corresponding to these stages of the botnet life cycle typically focus on attempting to hide the botnet (communication processes, location of the bots, and botmaster); some of these methods include IP spoofing, multi-hopping, polymorphism, and fast-flux networks (García-Teodoro, Maciá-Fernández, & Rodríguez-Gómez, 2012). Any defensive approach to overcoming a botnet is dedicated to preventing execution of a particular process in one of the botnet life cycle stages, or of combined processes in one or more stages. Deterring execution of a single stage in the botnet life cycle can thwart a malicious and devastating outcome. In principle, prevention of hiding mechanisms doesn’t imply deterrence of the botnet goal, but it increases the probability that a botnet will be identified by a defense method.
By 2016, investments in online security are expected to reach $86bn (Contu et al., 2012). Although this might seem a large sum of money, it is considered necessary since there is an increase in online risks from all over the world. Professional hackers develop malware on a global scale and on a 24/7 basis. Hackers have five objectives when spreading malware over the Internet: to infect/distribute, to steal, to persist, to control and for intelligence (Morris, 2010).
Just like a biological virus, a computer virus is able to infect and ruin lives. Malicious software comprises more than just simple viruses; it also includes other types of software such as worms, Trojan horses, and ransomware. Malware has been around since the late 1980s. Originally, people became hackers to gain notoriety online, but today, it has become more of a business. Cyber attacks originate from all around the world, and it is not just individual people that benefit from them. In two decades, numerous cyber crime syndicates have been created, and states all over the world sponsor hacker groups. Over the past twenty-five years, malware has become less about checking the integrity of computer security and gaining notoriety in the underground cyber society, and it has become more of a chaos-creating, money-making business that many people and institutions take part in.
The Internet is a medium that is becoming progressively important as it makes information available in a quick and easy manner. It has transformed communications and acts as a global network that allows people to communicate and interact without being limited by time, borders and distance. However, the infrastructure is vulnerable to hackers who use the system to commit cyber crime. To accomplish this, they make use of innovative stealth techniques for their malicious purposes on the Internet.
As discussed in the Problem Statement, there are several foundational flaws in the centralized architecture design of C&C botnet systems, which is leading attackers to develop and use Peer-to-Peer based control architecture designs such as “Phatbot” [14], “Slapper” [12], “Nugache” [15], and “Sinit” [13] for botnet systems. These Peer-to-Peer based control architecture designs have multiple advantages, such as eliminating the need for the "Bootstrap" process, which is a common process in P2P protocols. Another advantage of P2P based architectures like “Nugache” is their ability to function undetected, as they use a control channel which is encrypted [15]. Another advantage of P2P based architectures like “Sinit” is their ability to provide sophisticated authentication by using public and private keys and cryptography [13]. Figure 2 below illustrates the current “Command and Control Architecture of a C&C Botnet” [1].