ABSTRACT
Research into defending against botnets, and in particular into countermeasures against the command and control (C&C) protocol, has become increasingly important as several large-scale botnets have caused serious damage on the Internet. However, most existing research lacks a safe and efficient analysis platform for C&C protocol fuzzing. Moreover, because the triggering conditions of botnet behaviors are complex, these platforms cannot discover some of the "potential" behaviors of bots. To be prepared for future attacks, an increasing number of researchers have begun to study advanced botnet designs that botmasters could deploy in the near future; evaluating the capabilities of these next-generation botnets quantitatively requires a relatively closed and controllable environment designed by researchers. We therefore propose the Hybrid Botnet Ecological Environment (HBEE), which aims to make bots expose as many of their execution paths as possible, both to find vulnerabilities in the bots' handling of the C&C protocol and to evaluate the capabilities of advanced botnets. Our design also prevents bots from harming the real Internet through malicious traffic filtering and C&C server spoofing. Our preliminary results show that HBEE can observe communication actions and produce accurate and comprehensive data about botnet behaviors and advanced botnet capabilities.
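The two containment measures the abstract names, malicious traffic filtering and C&C server spoofing, shown together with a simple command mutator of the kind a C&C fuzzing platform would drive the bot with. This is an added example written for this page, not HBEE's implementation: the sandbox subnet, the resolver and fake C&C addresses, the known C&C host, the line-oriented C&C protocol and the command list are all constructed assumptions, and the bot under analysis is stood in for by the byte strings fed to `SpoofedCC.handle`.

```python
"""Added illustration: egress policy for a sandboxed bot plus a spoofed C&C
responder that logs what the bot sends and answers with mutated commands.
Example code for this page, not HBEE's design; every address and the wire
protocol below are constructed assumptions."""
import random
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

SANDBOX_NET = "10.66.0."            # assumed analysis subnet (constructed)
LOCAL_RESOLVER = "10.66.0.1"        # assumed sinkholing DNS resolver (constructed)
SPOOFED_CC = ("10.66.0.2", 8080)    # assumed fake C&C endpoint (constructed)
KNOWN_CC_HOSTS = {"203.0.113.10"}   # assumed C&C address from the sample (TEST-NET-3)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def egress_policy(flow: Flow) -> Tuple[str, Optional[Tuple[str, int]]]:
    """Classify one outbound flow from the sandbox.

    'redirect' rewrites a connection to the real C&C host onto the spoofed
    server, 'allow' lets DNS reach the local sinkholing resolver, and every
    other flow is dropped so scans, spam and DDoS traffic never leave.
    """
    if not flow.src.startswith(SANDBOX_NET):
        return ("drop", None)
    if flow.dst in KNOWN_CC_HOSTS:
        return ("redirect", SPOOFED_CC)
    if flow.proto == "udp" and flow.dport == 53 and flow.dst == LOCAL_RESOLVER:
        return ("allow", None)
    return ("drop", None)


# Assumed line-oriented C&C protocol (constructed for this example):
#   bot -> server:  REG <bot-id> <platform> | POLL <bot-id> | DONE <bot-id> <status>
#   server -> bot:  one command line, e.g. SLEEP 60 / UPDATE <url> / DDOS <ip> <port>
BASE_COMMANDS = [
    b"SLEEP 60",
    b"UPDATE http://10.66.0.2/update.bin",   # points back into the sandbox
    b"DDOS 10.66.0.9 80",                    # target is a sandbox-internal decoy
]


def mutate(cmd: bytes, rng: random.Random) -> bytes:
    """Apply one of three simple mutations so the bot's command parser is
    driven down paths a well-formed command would not reach."""
    kind = rng.randrange(3)
    if kind == 0:                                   # flip one byte
        i = rng.randrange(len(cmd))
        return cmd[:i] + bytes([cmd[i] ^ 0xFF]) + cmd[i + 1:]
    if kind == 1:                                   # overlong argument
        return cmd + b" " + b"A" * rng.randrange(256, 4096)
    return cmd[: rng.randrange(1, len(cmd))]        # truncated command


class SpoofedCC:
    """Answers redirected C&C connections, logging everything the bot sends
    and handing back either a fixed command (fuzz=False) or a mutated one."""

    def __init__(self, seed: int = 0, fuzz: bool = True) -> None:
        self.rng = random.Random(seed)
        self.fuzz = fuzz
        self.received: List[bytes] = []   # every line the bot sent, for analysis
        self.registered: Set[bytes] = set()
        self._next = 0

    def handle(self, line: bytes) -> bytes:
        self.received.append(line)
        parts = line.strip().split()
        if len(parts) < 2:
            return b"ERR\n"
        verb, bot_id = parts[0], parts[1]
        if verb == b"REG":
            self.registered.add(bot_id)
            return b"OK\n"
        if verb == b"POLL" and bot_id in self.registered:
            cmd = BASE_COMMANDS[self._next % len(BASE_COMMANDS)]
            self._next += 1
            if self.fuzz:
                cmd = mutate(cmd, self.rng)
            return cmd + b"\n"
        if verb == b"DONE" and bot_id in self.registered:
            return b"OK\n"
        return b"ERR\n"
```

In a real sandbox the `egress_policy` table is what the gateway's packet filter enforces (the redirect verdict is a destination NAT onto the fake server), and `SpoofedCC.handle` sits behind a listening socket; keeping the policy as a pure function makes it testable before any bot sample is run, which is the point of a closed environment. Note that the harmful commands the spoofed server hands out point only at sandbox-internal decoys, so even a bot that executes them faithfully never reaches the real Internet.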
POSTER: A Hybrid Botnet Ecological Environment