Open WiFi networks: Lethal weapons for botnets?

This paper assesses the potential for highly mobile botnets to communicate and perform nefarious actions using only open WiFi networks, which we term mobile WiFi botnets. We design and evaluate a proof-of-concept mobile WiFi botnet using real-world mobility traces and actual open WiFi network locations for the urban environment of San Francisco. Our extensive simulation results demonstrate that mobile WiFi botnets can support rapid command propagation, with commands typically reaching over 75% of the botnet only 2 hours after injection, and sometimes within as little as 30 minutes. Moreover, those bots able to receive commands usually have a ≈40-50% probability of being able to do so within a minute of the command being issued. Our evaluation results also indicate that even a small mobile WiFi botnet of only 536 bots can launch an effective DDoS attack against poorly protected systems. Furthermore, mobile WiFi botnet traffic is sufficiently distributed across multiple open WiFi networks, with no single network being over-utilized at any given moment, to make detection difficult.
