
Question

Please note that I found the answer here in Chegg but I need a unique answer and the reference as well

Research Article IT344

Project Nature:

Analytical (Individual Assignment)

What is a research article: Review articles provide a summary of the current state of the research on a particular topic. Ideally, the writer searches for everything relevant to the topic, and then sorts it all out in a comprehensible way. Review articles will teach you about:

· the main people working in a field

· recent major advances and discoveries

· significant gaps in the research

· current debates

· ideas of where research might go next

There are many benefits to reading research articles (Dunifon, 2005):

· Research articles are the best source of tested, evidence-based information.

· By going to the source of information, readers can draw their own conclusions about the quality of the research and its usefulness to their work.

· Readers can use the research to inform decisions about their programs, including decisions about program development, design, or discontinuation.

· Readers can incorporate the evidence into their practice or resource materials.

Project Description:

In this Project, Students are required to submit a research article on the topic related to Data Mining or Data warehouse.

Submit a research draft on the topic selected. Read at least 5 papers relevant to topic selected. The article should contain the following sections:

A. Introduction Section: You have to write at least one page introduction of the topic that you have selected in your own words. The introduction should explain the topic in simple English. You can use models or diagrams to explain the topic that you have selected. This section should not be more than two pages long.

B. Literature section: In this section, you have to describe research papers about the topic in your own words. The literature review provides the reader with a summary of other research related to the topic. It also addresses questions that remain unanswered or require additional research. In general, this is also the section where the authors’ research question is introduced, and hypotheses or anticipated results are stated. The articles that you select have to be some journal papers or conference proceedings. However, you cannot describe webpages as literature. At least 70% of the literature selected should be published after 2011. All the articles should be properly referred in the section.

Do not copy any part of the article into your review. If you want to use more than 3-4 of the author's words, then use quotation marks, and add a reference to the article.

C. Methods: In this section, you have to introduce and explain major applications of the topic, which are currently in use. You can use models or diagrams to explain these applications. This section of the research article should outline the methodology the author(s) used in conducting the study. Including information on methods used allows readers to determine whether the study used appropriate research methods for the question being investigated.

D. Results: State research findings in this section. The results are often displayed using tables, charts, graphs or figures along with a written explanation.

E. Conclusion: In this section, you have to write one-two paragraph summary of your whole research in your own words.

F. References: In this section, you have to give proper references of the literature that you have presented in section B. The format that you will use for writing references is IEEE format.

The document format that you have to follow for this assignment is IEEE single column format for conference papers. This format is available on the following link; www.ece.utah.edu/~ece1270/_IEEE_Template_1col_2sp.doc

Important things to remember

1. Use your own words. Do not copy/paste from internet. Safe Assign feature of blackboard will identify the text you have copied from internet and your marks will be deducted.

2. Do not copy/paste from any other group’s work. This will also be identified by Safe Assign feature and your assignment will be cancelled and marked zero.

3. Use diagrams/figures/models etc. to convey your topic properly. This will eventually help in increasing your marks.

4. Do not forget to refer whenever you describe some research. Always follow the method of referencing as given in the template.

Explanation / Answer

Research on the BOTNET PROBLEM:

ABSTRACT:

The following report discusses the problem of botnets and the interaction between the various internet service providers (ISPs) regarding the botnets within the same networks. A botnet is one of the most important threats these days. It is basically a group of computers connected to each other whose security has been breached. This problem is increasing day by day and therefore, it is extremely important to discuss this problem in detail. Along with this there is another important aspect of the internet service providers (ISPs). The report involves the discussion of the various information that should be allowed to be exchanged between them. The above mentioned problems are discussed within the report.

INTRODUCTION:

The given report discusses the scale of the botnet problem, showing how important it has become in today’s world, leading to the breach of security. Further, it discusses the lifecycle of the botnets along with its various phases and its functions during each of the phases. Along with this there are a number of detection techniques that are used for the detection of botnets and these help in finding the botnets and getting rid of them as soon as possible. There is also a discussion on the various mitigation techniques that are used to remove the botnets once they are identified by the various detection techniques. It also includes the definition of internet service providers (ISPs) and their usage, which involves the sharing of information regarding botnets within the ISPs within the same networks. It further includes the information that is allowed to be exchanged between ISPs, the information that they should now exchange. Moreover, it describes the various security concerns of using ISPs in finding information about botnets and lastly it describes the responses of the ISPs.

Botnet is one of the most important threats in terms of computer security. A botnet is a group of computers connected with each other through a network whose security has been breached and the control is ceded to the malicious party. This leads to creation of compromised hosts sitting in homes, schools, businesses, and governments around the world. Each of them is called a “bot” which gets created when the computer gets penetrated by software from malware distribution normally called malicious software. Each of these bots communicates with a bot controller and other bots, which together form the zombie arms or botnets. They can propagate as worms or they can hide from being detected like viruses. The malicious software installed on the computer allows it to be commanded and controlled by the botnet's operator.

SCALE OF THE BOTNET PROBLEM:

Botnets have evolved very quickly over the recent years. The magnitude of such a problem is huge. Various surveys have been conducted for the same. It was found that the number of bots observed each day, increased from less than 2.000 to even more than 30,000 during the first 6 months of the year 2004. Also, the surveys have suggested that in 2005, the number of the bot infected systems was measured to be between 8 to 9 lakhs, with certain botnets having more than one lakh members [1].

In 2009, the total number of malware infections was found to be over 7 million and around 70% of all e-mail messages were spam. Out of this, 85% of the amount of spam was caused by just six botnets [2]. Also, the average number of active botnet members on a given day increased to ten million. This shows that botnets have increased at a very fast pace over a period of time and this needs to be controlled.

Botnets are one of the most dangerous threats today. The most important reason for this is that they use a very large group of hosts which are able to execute a combination of brute force and subtle attacks. Furthermore, bots work in extremely large groups or numbers with a centralized bot-master which gives orders to the bot. Botnets can easily cripple a large scale network within a short period of time. It further results into a large amount of data and financial loss.

The increase in the number of botnets over the years has been majorly for financial gain or for disruptive purposes [3]. Malware may be used to steal sensitive information such as credit card numbers, social security numbers, and passwords, which is passed to the bot-master and can be sold to criminals. A major motivation to operate a botnet is the total amount of money (income) that can be earned by the online criminals from sending spam e-mails over the internet. According to Ferris Research, it has been found that e-mail spam costs around $130 million worldwide to businesses every year with $42 million only within the US. A few of the disruptive activities caused by the operation of a botnet are [3]:

LIFECYCLE OF BOTNETS:

A botnet lifecycle normally comprises the following five phases taking place one after the other in order to increase the impact of breach of security [4] [5].

BOTNET DETECTION TECHNIQUES:

There are a number of botnet detection techniques [4] [5]. Some of them are discussed below along with their advantages / disadvantages:

1. Packet Inspection: It is one of the approaches to ensure network security. In this technique, the various protocol fields are taken and they are matched against the existing patterns of the malicious data. This normally includes the shell code sequence packets communicating through the IRC (Internet Relay Chat) protocol. The various patterns that are used are known as the ‘detection signatures’. This is used in Intrusion Detection Systems which issue warnings when an attack is identified through malicious data in packets. In some cases, it tries to prevent an attack by rejection of the packets and closing of all the connections. Such a system is called an Intrusion Prevention System (IPS). It may also send the contents of the packets to the analysing systems. Advantage: This technique can be used in automated measurement and detection. Disadvantage: Individual packets of data need to be inspected. This method cannot be used for unknown bots.

2. Flow Record Analysis: The tracing of network traffic takes place at abstract levels here. The various properties of a stream of data are defined by a flow record. The important attributes in a flow record are source address, session time, number of packets, destination address, packet size, etc. This technique is normally used to identify the traffic patterns and this information is used to filter and get rid of the malicious content. Advantage: It can be used for the identification of infections and disinfection mechanisms. No need to inspect individual packets of data. Streams of data are collectively inspected. Thus, large traffic can be handled.

3. Spam Record Analysis: Unsought e-mails are distributed by botnets. This process is called spamming. This technique involves the analyzing of spam records through which the botnet activities can be determined. Most of the information is obtained from a deeper insight into the spam messages of the botnets. When spam emails are created by botnets, they follow a similar pattern. These patterns are used to identify the spam generation. The headers of the spam messages tell us about the botnet location and its overall distribution. The process of comparing and aggregating the spam e-mails is known as spam campaigning. A limitation of this method is that it majorly focuses only on spam as the means of activity by the botnet.

4. Anomaly Based Detection: It is another way of detecting the botnets which is based on the network irregularities like high volumes of traffic or unusual system behaviour that could indicate the presence of bots in a network. This method helps in detecting existing bots in the network; however it may not work in the case where the botnet has not been used till now for launching attacks.

MITIGATION TECHNIQUES:

There are a number of techniques that can be used to mitigate the threat of botnets that are increasing day by day [6]. These involve:

1. Using Scripts And net flow data: It involves monitoring the network for a number of activities which include denial of service (DOS) attacks. The participation of IP addresses in a DOS attack can be investigated. The combination of data from various attacks like a DOS attack or a darknet can eventually help in finding a botnet member. After these botnet members are located, a check could be performed to determine if these hosts are communicating with a common host which could be a command and control (C&C) server. Removing a C&C server can lead to the disruption of the botnet. If the owner of the compromised host could be found, it could lead to the identification of a list of bots and further notifications can be sent out.

2. Using the existing data and equipment: The usage of the existing data/equipment is extremely useful in order to keep the costs low while trying to secure a network. A number of surveillance platforms are being sold by many companies. These platforms perform packet inspection and filtering. A network operator can use the pattern-matching capabilities of these machines to check for compromised machines on his network. These devices are extremely useful to a network operator who wants to monitor their network for harmful activities and thereby mitigating the harmful activities by monitoring them.

Information ISP should not exchange:

1. The in-depth information regarding the attacker’s position, place and time is not notified to other ISPs; only the attack information is exchanged, so that gates (interface between two ISPs, at the edge of the ISP network) are notified before a further attack is launched. The information on the several types of attacks launched by a single attacker is also not shared amongst ISPs.

2. ISPs have the responsibility to secure the customer's credentials, personal data, and their browsing information. They must not disclose the identity of the Internet user in their networks to others.

3. With regard to data exchange on botnets, ISPs need not share their routing strategy and network configuration details with other ISPs.

SECURITY CONCERNS:

ISPs play an important role in preventing and identifying the botnets. The sharing of information between multiple ISPs has to take care of certain security concerns:

It is extremely important to protect the system against security breaches and the privacy demands of the users. ISP helps in achieving these two aspects.

DISCUSSION OF THE RESPONSES:

ISPs need to make intelligent use of the data received from other ISPs. In response to the information received, appropriate action must be taken. E.g.: If it is informed of a Botnet identified, it must be ready to counter or prevent the attack. It must update its database with the known bots or spams details received from other ISPs. They must work in collaboration to share information on threats like Bots to the network. At the same time, the ISP must ensure that all the communication with other ISP is done over a secure channel.

As a result the information to be shared and not to be shared should be taken into account to a great extent and thereby ISPs should respond as quickly as possible depending on the extent of the botnet which has been identified so that quick measure could be taken to detect and mitigate the botnet as soon as possible without too much damage to the computer systems.

CONCLUSION:

The botnet problem was studied in detail along with its lifecycle and mitigation techniques. Along with this, the interaction between the ISPs was also studied to see what information is allowed to be exchanged between them and what information is not allowed to be exchanged. On the whole, these two important aspects of computer security were studied to get an in-depth knowledge of security problems.

REFERENCES:

[1] The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets [Online]. Available at: http://static.usenix.org/event/sruti05/tech/full_papers/cooke/cooke_html/

[2] How to Mitigate the Increasing Botnet Threat [Online]. Available at: http://www.eweek.com/c/a/Security/How-to-Mitigate-the-Increasing-Botnet-Threat/

[3] Joseph Massi, Sudhir Panda, Botnet Detection And Mitigation [Online]. Available at: http://csis.pace.edu/~ctappert/srd2010/c4.pdf

[4] A Survey of Botnet and Botnet Detection [Online]. Available at: http://www.itk.ilstu.edu/faculty/ytang/botnet/3%202009-A%20Survey%20of%20Botnet%20and%20Botnet%20Detection.pdf

[5] Arshad Hussain, Botnet tracking and Intrusion Detection [Online]. Available at: http://www.emich.edu/ia/pdf/research/Hussain%20Arshad,%20Botnet%20Tracking%20and%20Intrusion%20Detection.pdf

[6] Use Existing Data and Component [Online]. Available at: http://www.eweek.com/c/a/Security/How-to-Mitigate-the-Increasing-Botnet-Threat/1/

[7] US Anti-Bot Code Of Conduct (ABCs) for Internet Service Providers (ISPs) [Online]. Available at: https://otalliance.org/resources/botnets/20120322%20WG7%20Final%20Report%20for%20CSRIC%20III.pdf

[8] Roger Karrer, Ulrich Kuhn, ISPs: Who Else Can You Trust in the Internet [Online]. Available at: http://www.icin.biz/files/programmes/Session1B-1.pdf
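An added example, not part of the original answer: the check described in the answer's first mitigation technique (flag hosts seen in a DoS attack or probing a darknet, then look for a host they all talk to), run over constructed flow records. The field names, thresholds and all addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple
from ipaddress import ip_address, ip_network

# Flow record with attributes the answer lists; field names are assumptions.
Flow = namedtuple("Flow", "src dst dst_port packets")

DOS_TARGET = "198.51.100.10"            # constructed: victim of the observed DoS
DARKNET = ip_network("203.0.113.0/24")  # constructed: monitored unused space

def _f(last, dst, port, pkts):
    return Flow(f"192.0.2.{last}", dst, port, pkts)

# Constructed sample flows: three flooders, one darknet prober, two clean hosts.
FLOWS = (
    [_f(h, DOS_TARGET, 80, p) for h, p in ((11, 5000), (12, 4200), (13, 6100), (20, 12))]
    + [_f(14, "203.0.113.9", 445, 3)]
    + [_f(h, "198.51.100.53", 53, 4) for h in (11, 12, 13, 14, 20, 21)]  # shared resolver
    + [_f(h, "198.51.100.77", 6667, 9) for h in (11, 12, 13, 14)]
    + [_f(21, "198.51.100.80", 443, 40)]
)

def suspected_bots(flows, min_dos_packets=1000):
    """Hosts that flooded the DoS target or sent anything to the darknet."""
    dos_packets = defaultdict(int)
    suspects = set()
    for f in flows:
        if f.dst == DOS_TARGET:
            dos_packets[f.src] += f.packets
        elif ip_address(f.dst) in DARKNET:
            suspects.add(f.src)
    suspects.update(s for s, n in dos_packets.items() if n >= min_dos_packets)
    return suspects

def candidate_c2(flows, suspects, min_share=0.75, max_clean=0):
    """Destinations contacted by most suspects and by (almost) no clean host."""
    if not suspects:
        return []
    talkers = defaultdict(set)
    for f in flows:
        if f.dst != DOS_TARGET and ip_address(f.dst) not in DARKNET:
            talkers[f.dst].add(f.src)
    hits = []
    for dst, srcs in talkers.items():
        share = len(srcs & suspects) / len(suspects)
        # Services everyone uses (the resolver) fail the clean-host test.
        if share >= min_share and len(srcs - suspects) <= max_clean:
            hits.append((dst, share))
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    bots = suspected_bots(FLOWS)
    print(sorted(bots), candidate_c2(FLOWS, bots))
```

The clean-host test is what keeps a destination every customer uses, such as the resolver in the sample, from being reported as a C&C candidate.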
