ABSTRACT
Botnets are a form of cyber threat responsible for massive Distributed Denial of Service (DDoS) attacks, delivery of malicious payloads such as ransomware, and dissemination of spam that may be used for phishing. Botnets are closely associated with the Internet of Things (IoT): IoT devices, once compromised, can become part of a botnet. The rapid growth in the number of IoT devices and the close relationship between botnets and other attacks make botnets a significant source of cyber threat. Because botnets are complex and evolving, their detection and mitigation have remained a challenge. To address that challenge, models have been constructed for simulation and analysis. This paper examines existing botnet models and their role in improving mitigation.
Index Terms
- An Analysis of Botnet Models