Botnets: lifecycle and taxonomy
Related papers
A Framework on Botnet Detection and Forensics
The utilization of the Internet on the domestic and corporate front has been increasing at a drastic rate. Each organization and enterprise exploits the internet to its fullest extent based on its requirements. In almost all areas, the internet has proved to be a boon. But sometimes it lands users in trouble because of unwanted and uninvited harmful software applications. There are many types of threats and challenges faced by internet users. Out of all the threats faced by internet users, botnets are at the topmost position. Because of these prodigious threats, botnets are a rising area of research. A botnet works as a coordinated or synchronized activity in which different bots collectively participate to perform a malicious task. The botnet differs from other forms of malware in its capability to compromise computer systems or smartphones to set up a link with a command and control (C&C) server controlled by a bot controller. Because of the massive participation of compromised machines, the losses caused by a botnet attack are immeasurable. As a result, different researchers are showing keen interest in the field of botnets. The trend reflects that the number of research studies in this field has gone up at a tremendous rate in the past 5 to 10 years. The present paper proposes a framework to systematically identify the presence of a malicious bot, prevent it from spreading further, and perform its forensic investigation.
RECENT TRENDS IN BOTNET RESEARCH
The advent of internet technology and the increased dependency on the internet to carry out financial transactions gave rise to a new generation of malware called botnets. A botnet, the collective term for a network of infected computers or bots, is used to carry out various attacks on the internet community. These attacks range from DDoS attacks performed on an organization and spamming campaigns to simple key logging attacks performed on individuals. Botnets are thus a network of malware-infected machines that are under the control of a single individual or a group of individuals called botmasters or botherders. The botmasters send commands to these infected networks of bots, to which the bots gleefully respond. Botnets are becoming more elaborate and efficient over time, and thus the use of botnets is growing at an exponential rate, threatening the average user and business alike.
IJCA Proceedings on International Conference on Recent Trends in Information Technology and Computer Science, 2012
Botnets are network threats that generally arise from cyber attacks and result in serious threats to our network assets and organizations' properties. Botnets are collections of compromised computers (bots) which are remotely controlled by their originator (botmaster) under a common Command-and-Control (C&C) infrastructure. Among the various forms of malware, botnets are emerging as the most serious threat against cyber-security, as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The most important characteristic of botnets is the use of command and control channels through which they can be updated and directed. The targets of botnet attacks on the integrity and resources of users might be multifarious, ranging from teenagers evidencing their hacking skills to organized criminal syndicates disabling infrastructure and causing financial damage to organizations and governments. In this context, it is crucial to know in what ways a system could be targeted. The major advantage of this classification is to identify the problem and find specific ways of defense and recovery. This paper aims to provide a concise overview of the major existing types of botnets on the basis of their attacking techniques.
research.ijcaonline.org
Among the diverse forms of malware, the botnet is a serious threat that occurs commonly in today's cyber attacks and cyber crimes. Botnets are designed to perform predefined functions in an automated fashion, where these malicious activities range from online searching of data, accessing lists, and moving file-sharing channel information to DDoS attacks against critical targets, phishing, click fraud, etc. The existence of a command and control (C&C) infrastructure makes the functioning of a botnet unique, and in turn poses challenges in the mitigation of botnet attacks.
Concepts, Methodologies, Tools, and Applications, 2014
The Internet, originally designed in a spirit of trust, uses protocols and frameworks that are not inherently secure. This basic weakness is greatly compounded by the interconnected nature of the Internet, which, together with the revolution in the software industry, has provided a medium for large-scale exploitation, for example, in the form of botnets. Despite considerable recent efforts, Internet-based attacks, particularly via botnets, are still ubiquitous and have caused great damage on both national and international levels. This chapter provides a brief overview of the botnet phenomenon and its pernicious aspects. Current governmental and corporate efforts to mitigate the threat are also described, together with the bottlenecks limiting their effectiveness in various countries. The chapter concludes with a description of lines of investigation that could counter the botnet phenomenon.
A Taxonomy of Botnet Structures
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 2007
We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, DDoS). Using these performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In particular, our models show that targeted responses are particularly effective against scale-free botnets, and efforts to increase the robustness of scale-free networks come at a cost of diminished transitivity. Botmasters do not appear to have any structural solutions to this problem in scale-free networks. We also show that random graph botnets (e.g., those using P2P formations) are highly resistant to both random and targeted responses. We evaluate the impact of responses on different topologies using simulation and demonstrate the utility of our proposed metrics by performing novel measurements of a P2P network. Our analysis shows how botnets may be classified according to structure and given rank or priority using our proposed metrics. This may help direct responses and suggests which general remediation strategies are more likely to succeed.

Table: Major botnet utilities, key metrics and suggested variables

Major Botnet Utility | Key Metric            | Suggested Variable | Comment
Effectiveness        | Giant portion         | S                  | Large numbers of victims increase the likelihood of high-bandwidth bots. Diurnal behavior favors S over total population.
Effectiveness        | Ave. avail. bandwidth | B                  | Average bandwidth available at any time, because of variations in total victim bandwidth, use by victims, and diurnal changes.
Efficiency           | Diameter              | l^-1               | Bots sending messages to each other and coordinating activities require efficient communications.
Robustness           | Local transitivity    | γ                  | Bots maintaining state (e.g., key cracking or mirroring files) require redundancy to guard against random loss. Highly transitive networks are more robust.
A survey of botnet crimeware life cycle
International Journal of Reasoning-based Intelligent Systems, 2012
The tremendous growth in the use of computer network and internet techniques in various directions of life has exposed users of computer networks and the internet to the risk of penetration by attackers using viruses, worms, Trojan horses and botnets. These attacks have a negative impact on computer networks and the internet and result in delays due to congestion, extensive loss of network bandwidth, as well as futility and the theft of users' computer data and money. One of the most important issues in network security is to deal carefully with the existence of bots/botnets. In this research, our main interest is to perform a comprehensive study of the risk of botnets (penetration, detection and prevention of botnets) to computer networks and the internet.
A Taxonomy of Botnet Behavior, Detection, and Defense
IEEE Communications Surveys & Tutorials, 2014
A number of detection and defense mechanisms have emerged in the last decade to tackle the botnet phenomenon. It is important to organize this knowledge to better understand the botnet problem and its solution space. In this paper, we structure existing botnet literature into three comprehensive taxonomies of botnet behavioral features, detection and defenses. This elevated view highlights opportunities for network defense by revealing shortcomings in existing approaches. We introduce the notion of a dimension to denote different criteria which can be used to classify botnet detection techniques. We demonstrate that classification by dimensions is particularly useful for evaluating botnet detection mechanisms through various metrics of interest. We also show how botnet behavioral features from the first taxonomy affect the accuracy of the detection approaches in the second taxonomy. This information can be used to devise integrated detection strategies by combining complementary approaches. To provide real-world context, we liberally augment our discussions with relevant examples from security research and products.
Botnets: the anatomy of a case
Journal of Information Systems Security (accepted)
Botnets have become the dominant mechanism for launching distributed denial-of-service attacks on computer networks. In a recent incident, the computer network of an organization was attacked and disabled. This attack was initially identified by intrusion detection devices and verified ...