DUSTBot: A duplex and stealthy P2P-based botnet in the Bitcoin network

As the root cause of illegal cyber activities, botnets have been evolving continuously over the last two decades. Current research on botnet command and control mechanisms based on blockchain networks suffers from high economic cost, single point of failure, and limited scalability. In this paper, we present DUSTBot, a novel P2P botnet model based on Bitcoin transactions, to prepare for new cyber threats. Specifically, we present a covert, duplex, and low-cost command and control (C&C) channel in the Bitcoin network. DUSTBot uses the Bitcoin main network as the downstream channel and the Bitcoin testnet as the upstream channel. Furthermore, the peer list exchange algorithm proposed in this paper, which is based on the Ethereum block hash, is effective against routing table poisoning attacks and P2P botnet crawling. The robustness of DUSTBot against node removal is studied by constructing the botnet with a P2P simulator. We deploy an implementation of DUSTBot on cloud platforms to test its feasibility and performance. Moreover, the stealthiness of DUSTBot and the effectiveness of the proposed peer list exchange algorithm are evaluated. The results demonstrate the feasibility, performance, stealthiness, and robustness of DUSTBot. Finally, possible countermeasures are discussed to mitigate similar threats in the future.
