Adversarial Internet robots (botnets) represent a growing threat to the safe use and stability of the Internet. Botnets can play a role in launching adversary reconnaissance (scanning and phishing), influence operations (upvoting), and financing operations (ransomware, market manipulation, denial of service, spamming, and ad click fraud) while obfuscating tailored tactical operations. Reducing the presence of botnets on the Internet, with the aspirational target of zero, is a powerful vision for galvanizing policy action. Setting a global goal, encouraging international cooperation, creating incentives for improving networks, and supporting entities for botnet takedowns are among several policies that could advance this goal. These policies raise significant questions regarding proper authorities/access that cannot be answered in the abstract. Systems analysis has been widely used in other domains to achieve sufficient detail to enable these questions to be dealt with in concrete terms. Defeating botnets using an observe-pursue-counter architecture is analyzed, the technical feasibility is affirmed, and the authorities/access questions are significantly narrowed. Recommended next steps include: supporting the international botnet takedown community, expanding network observatories, enhancing the underlying network science at scale, conducting detailed systems analysis, and developing appropriate policy frameworks.

[Figure: Solarium Report [1]. Panel labels: Physical World; Red (Adversary) Cyberspace; Blue (Friendly) Cyberspace; Gray (Neutral) Cyberspace. Annotations: "Public-private partnerships based on a shared situational awareness, combined action, and full support of governments in defense of the private sector." "An international community that observes and enforces norms of responsible state behavior."]
[Figure: page excerpt, Cyberspace Solarium Commission (p. 30)]

STRATEGIC APPROACH: LAYERED CYBER DETERRENCE

Layered cyber deterrence is the blueprint that the government and American public need to build bridges across government agencies, international partners, and most importantly the private sector in order to secure American networks in cyberspace. It is the best way for the government to implement new authorities and take appropriate proportional action that builds national resilience as well as disrupts, defeats, and deters active cyber campaigns, including those targeting critical economic and political institutions like election systems. To translate layered deterrence into action requires three lines of effort organized into six pillars and more than 75 supporting recommendations that enhance the ability of the U.S. government to shape adversary behavior, deny benefits, and impose costs. Defend forward spans all three lines of effort to identify, isolate, and counter threats consistent with existing authorities and legal frameworks.

Layered Cyber Deterrence

CURRENT STATE
Adversaries are conducting cyber campaigns that target U.S. networks in cyberspace and threaten American safety and security, economic interests, political institutions, and ability to project military power. The U.S. government has the authorities but lacks the optimal structure and relationships with the private sector and other partners to achieve a unity of effort at the scale required to defend forward.

APPROACH AND PILLARS
Foundation: Reform the U.S. Government Structure and Organization for Cyberspace
Shape Behavior:
• Strengthen Norms and Nonmilitary Tools
Deny Benefits:
• Promote National Resilience
• Reshape the Cyber Ecosystem toward Greater Security
• Operationalize Cybersecurity Collaboration with the Private Sector
Impose Costs:
• Preserve and Employ the Military Instrument of Power

DESIRED END STATES
A digital environment that is safe and stable, promotes continued innovation and economic growth, protects personal privacy, ensures national security, and does so by building:
• An international community that observes and enforces norms of responsible state behavior
• Critical elements of national power and infrastructure that are secure, resilient, and supported by a defensible digital ecosystem
• Public-private partnerships based on a shared situational awareness, combined action, and full support of the U.S. government in defense of the private sector
• An agile, proactive U.S. government organized to rapidly and concurrently employ every instrument of national power in defense of cyberspace and to generate deterrent options tailored to each adversary
• A cyber force equipped with the resources, capabilities, and processes to maneuver and rapidly engage adversaries in and through cyberspace

The proactive observing, pursuing, and countering of adversary operations and imposing of costs in a day-to-day competition to disrupt and defeat ongoing malicious adversary cyber campaigns, deter future campaigns, and reinforce favorable international norms of behavior.

[1] William J. Buchanan, et al. An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks. Sensors, 2021.
[2] Mohammed Fadhel Aljunid, et al. Review of Current Machine Learning Approaches for Anomaly Detection in Network Traffic. Journal of Telecommunications and the Digital Economy, 2020.
[3] Giovane C. M. Moura, et al. Clouding up the Internet: how centralized is DNS traffic becoming? Internet Measurement Conference, 2020.
[4] Elie Bursztein, et al. Who is targeted by email-based phishing and malware?: Measuring factors that differentiate risk. Internet Measurement Conference, 2020.
[5] Amir Djenna, et al. A Pragmatic Cybersecurity Strategies for Combating IoT-Cyberattacks. 2020 International Symposium on Networks, Computers and Communications (ISNCC), 2020.
[6] Michael J. Jones, et al. Multi-Temporal Analysis and Scaling Relations of 100,000,000,000 Network Packets. 2020 IEEE High Performance Extreme Computing Conference (HPEC), 2020.
[7] Liming Chen, et al. Privacy Risk Awareness in Wearables and the Internet of Things. IEEE Pervasive Computing, 2020.
[8] Dong Hyun Jeong, et al. Evaluating visualization approaches to detect abnormal activities in network traffic data. International Journal of Information Security, 2020.
[9] Ítalo S. Cunha, et al. Internet Performance from Facebook's Edge. Internet Measurement Conference, 2019.
[10] Jeremy Kepner, et al. Hypersparse Neural Network Analysis of Large-Scale Internet Traffic. 2019 IEEE High Performance Extreme Computing Conference (HPEC), 2019.
[11] Elias Bou-Harb, et al. Survey of Attack Projection, Prediction, and Forecasting in Cyber Security. IEEE Communications Surveys & Tutorials, 2019.
[12] Jure Leskovec, et al. How Powerful are Graph Neural Networks? ICLR, 2018.
[13] Michele Colajanni, et al. On the effectiveness of machine and deep learning for cyber security. 2018 10th International Conference on Cyber Conflict (CyCon), 2018.
[14] Alberto Dainotti, et al. Millions of targets under attack: a macroscopic characterization of the DoS ecosystem. Internet Measurement Conference, 2017.
[15] Jeremy Kepner, et al. Benchmarking SciDB data import on HPC systems. 2016 IEEE High Performance Extreme Computing Conference (HPEC), 2016.
[16] Jeremy Kepner, et al. Achieving 100,000,000 database inserts per second using Accumulo and D4M. 2014 IEEE High Performance Extreme Computing Conference (HPEC), 2014.
[17] Justin Clarke. What Is SQL Injection. 2009.
[18] Albert, et al. Emergence of scaling in random networks. Science, 1999.