A Self-healing Framework for Enterprise networks to combat Botnets infections

Cybercrime costs governments, businesses and individuals about $500 billion annually in total, which makes it one of the most profitable crimes in the world. The botnet is one of the most prominent tools cybercriminals use to infect or compromise computer networks and steal important information. Infecting a computer is relatively easy nowadays: malware propagates through social networking in addition to traditional methods such as spam messages and email attachments. In fact, about 1/3 of all computers in the world are infected by malware, which makes them susceptible to botnet exploitation. It is therefore important that anti-botnet solutions are implemented at all levels of a network. In this paper we present a self-healing framework implemented in an enterprise network. Our design is inspired by how the human immune system adapts to and defends against new attacks. We present the self-healing architecture, the detailed modules used in the design, and how they interact with each other to defend against the impact of botnet infections in the enterprise network.
