This is an Open Access publication published under CSC-OpenAccess Policy.
A Mitigation Technique For Internet Security Threat of Toolkits Attack
Francisca Nonyelum Ogwueleka, Edward Onyebueke Agu
Pages - 225 - 237     |    Revised - 31-08-2015     |    Published - 30-09-2015
Volume - 9   Issue - 5    |    Publication Date - September / October 2015
KEYWORDS
Toolkits, Mitigation, Zeus, Botmaster, Cryptosystem, Botnets.
ABSTRACT
The development of attack toolkits confirms that cybercrime is driven primarily by financial motivations, as seen from the significant profits made by both the developers and buyers. In this paper, an enhanced hybrid attack toolkit mitigation model was designed to tackle the economy of the attack toolkits using different techniques to discredit it. The mitigation examined Zeus, a common and the most frequently used attack toolkit, to discover the hidden information used by the attackers to launch attacks. This information helped in creating honey toolkits, honeybots and honeytokens. Honeybots are used to submit honeytokens to botmasters, who sell them on the internet black market. The botmasters, their mules and buyers attempt to steal huge amounts of money using the stolen credentials, which include both real credentials and honeytokens, and are detected by an attack detector which sends an alert on any transaction involving the honeytokens. A reconfirmation process, secured using an enhanced RC6 cryptosystem, is then enacted. The reconfirmation message in plain text is securely encrypted into cipher text and transmitted from the bank to the legitimate account owner and vice versa. The result of the cryptanalysis carried out on the text encrypted using the RC6 encryption algorithm showed that the cipher text is not transparent.
Professor Francisca Nonyelum Ogwueleka
Faculty of Pure and Applied Science, Computer Science Department, Federal University Wukari - Nigeria
Mr. Edward Onyebueke Agu
Federal University Wukari - Nigeria
aguedward@fuwukari.edu.ng