Study on Advanced Botnet Based on Publicly Available Resources

In recent years, botnets have continued to be an ever-increasing threat on the Internet. To be well prepared for future attacks and to ensure the security of cyberspace, defenders are paying more attention to the advanced botnet designs that botmasters could adopt. In this paper, we design an advanced botnet built on publicly available resources and implement its prototype system, named PR-Bot. First, in terms of system design, PR-Bot is constructed entirely from third-party publicly available resources and supports bidirectional communication between the control end and the controlled end. At the same time, the system's command and control (C&C) channel consists of three sub-channels: a command control channel (CC channel), a command addressing channel (CA channel) and a result feedback channel (RF channel), which makes it highly robust and concealed. Second, in terms of defense technology, this paper proposes targeted defense strategies from the perspectives of detection, measurement and tracking, so as to achieve the goal of combating such botnets. In short, the ultimate purpose of this paper is not to design a highly harmful botnet, but to accurately predict the techniques that botnets may adopt in the future and to assess the new threats they pose from the point of view of both attack and defense.
