Identifying and Exploiting the Cyber High Ground for Botnets
暂无分享,去创建一个
For over 2000 years, military strategists have recognized the importance of capturing and holding the physical “high ground.” As cyber warfare strategy and tactics mature, it is important to explore the counterpart of “high ground” in the cyber domain. To this end, we develop the concept for botnet operations. Botnets have gained a great deal of attention in recent years due to their use in criminal activities. The criminal goal is typically focused on stealing information, hijacking resources, or denying service from legitimate users. In such situations, the scale of the botnet is of key importance. Bigger is better. However, several recent botnets have been designed for industrial or national espionage. These attacks highlight the importance of where the bots are located, not only how many there are. Just as in kinetic warfare, there is a distinct advantage to identifying, controlling, and exploiting an appropriately defined high ground. For targeted denial of confidentiality, integrity, and availability attacks thecyber high ground can be defined and realized in a physical network topology. An attacker who controls this cyber high ground gains a superior capability to achieve his mission objectives. Our results show that such an attacker may reduce their botnet’s footprint and increase its dwell time by up to 87 % and 155× respectively over a random or ill-informed attacker.
[1] Guofei Gu,et al. A Taxonomy of Botnet Structures , 2007, ACSAC.
[2] Ratul Mahajan,et al. Measuring ISP topologies with rocketfuel , 2002, TNET.
[3] Richard M. Karp,et al. Reducibility Among Combinatorial Problems , 1972, 50 Years of Integer Programming.
[4] Farnam Jahanian,et al. The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets , 2005, SRUTI.
[5] Wenke Lee,et al. Botnet Detection: Countering the Largest Security Threat , 2010, Botnet Detection.