Analyse the malware bot component of the botnet

Assignment Help Computer Network Security
Reference no: EM132828689 , Length: 10 pages

Malware Analysis

TASKS:
For the purpose of this project you are expected to carry out an investigation into a botnet. Mainly, the investigation should be done by carrying out a literature review of research papers, industry reports and any other resources you may find related to that botnet. In addition, you may identify, download and analyse pcap file(s) and/or dataset(s) associated with that botnet.

Please note that you are NOT required to download and analyse the malware bot component of the botnet. If you decide to download it for further analysis, you should only do this once you have comprehensively researched and have a very good understanding of its behaviour and possible consequences. You are responsible for any damage you may cause as a result of your actions.

The final task will be to document potential defences to protect against future attacks by this botnet on organisations/individuals. Students will have to submit a report documenting their work.

The report should be concise, with the main part of the report (excluding references and appendix) limited to 10 pages in a typical 1-column format with a paragraph font size of 12 pt.

REPORT STRUCTURE:

1. Executive Summary: Description of the objectives and key findings of the investigation.

2. Methodology: Details and justifications (with references) of the botnet investigation methods that were used, which can include but may not be limited to:
• Detail your strategy to search for and select the academic papers, industry reports, and other references.
• Detail the pcap files and/or dataset that you identified and analysed (if any).
• If you decide to download and analyse the bots, provide details and justifications (with references) of the malware analysis methods that were used (e.g., static analysis, dynamic analysis, Internet investigation, etc.).
• Provide a description of the test environment setup (e.g., OS version, configuration, precaution and sandboxing measures, etc.), a description of the software tools and online tools used for the analysis of the pcap files / datasets / bots, and justification of their choice (i.e., vis-à-vis alternative tools).

3. Botnet Investigation & Findings: Detailed description of the botnet, interpretation and critical analysis of the findings. This section must be broken down into multiple subsections with meaningful headings for each aspect considered, which can include but may not be limited to:
• Bots Identification: Description of the bot sample, such as: type of the file, its name, size, hashes, current anti-virus detection capabilities, etc.
• Botnet Size and Damage: Provide estimates (with references) of the botnet size, as well as details about reported damage caused by the botnet (e.g., monetary cost for institutions, number of affected users / systems, etc.).
• Target Devices: details about the target devices (e.g., PCs, mobile devices, IoT devices, etc.).
• Botnet Architecture: Details and diagram of the architecture/topology used by the botnet, number and type of C&C server(s), etc.

• Botnet Behaviour: Detail the behaviour of the botnet (e.g., interaction with registry, files, network, etc.), its main purpose / use cases (e.g., steal credit card information, carry out DDoS attacks), etc.
• Botnet Resilience: Detail if the botnet uses any C&C protection and resilience techniques (e.g., bulletproof hosting, DGAs, fast-flux, etc.), detail if the bots use any hiding techniques, persistence mechanisms (e.g., surviving reboots), etc.
• Botnet Takedown: Detail any efforts by law enforcement and/or other organisations / individuals to identify who created and/or operated the botnet (if known), any efforts to deactivate the botnet and how successful these were, etc.
• Botnet Evolution: Details on how the botnet evolved, new variants of the botnet showing up, etc.

4. Recommendations: Provide recommendations on how organisations/individuals can protect themselves against future attacks by this botnet (e.g., best practices, firewall rules, IDS, anti-virus, etc.).

5. Conclusions: Include an overall discussion of the main findings, limitations and implications, detail next steps (i.e., what else would you do if you had more time).

6. References: Include references to all the resources you consulted when preparing this CA (e.g., research papers, industry reports, web resources, etc.).

7. Appendix: Include screenshots and any additional details required to evidence how you conducted the practical tasks (the use of screenshots should be kept to a minimum in the main part of the document).

TASKS:

For the purpose of this CA you are expected to set up a malware analysis lab (please note that you are not allowed to just download an existing sandbox, but you can include a critical analysis discussing how looking at such sandboxes taught you good practices for creating your own lab). In addition, you should carry out a research-based investigation into a piece of malware. Students will have to document the work carried out in the form of a report and include clear evidence (descriptions and screenshots).

REPORT STRUCTURE:

1. Malware Lab
a) VM Setup: Description and justifications of the VM setup (i.e., guest Windows OS version and configuration details, VM settings, etc.).
b) Software Tools: Description of the software tools installed and justifications of their selection (i.e., vis-à-vis alternative tools).
c) Gateway: Description of the virtual gateway setup and/or other network components (if any).
d) Lab Testing: Description and justification of the testing activities carried out to ensure that the lab is properly configured and isolated from the production environment (i.e., host, net

2. Research-based Malware Analysis
a) Executive Summary: Brief description of the objective and key findings of the analysis.
b) Identification: Description of the malware sample, and any information available in the public domain or that can be obtained using an online tool, e.g., type of the file, its name, size, hashes, malware names (if known), current anti-virus detection capabilities, etc.
c) Analysis: Detailed descriptions of the malware capabilities, behaviour, etc. This analysis should be conducted without downloading the malware, using only online resources such as research papers (i.e., check Google Scholar), malware analysis reports previously published by companies/bloggers, online tools and sandboxes (e.g., VirusTotal, ThreatMiner, Joe Sandbox), etc.

Attachment: VM Lab Setup.rar

Reviews

len2828689

3/15/2021 4:15:50 AM

Hi dear, these two reports need 10 pages in a typical 1-column format with a paragraph font size of 12pt. I can provide you with the report structure format in Word for both of them. Please provide me with a reasonable quote, thanks.
