论文信息 - Defending from Stealthy Botnets Using Moving Target Defenses

Defending from Stealthy Botnets Using Moving Target Defenses

In today’s IT landscape, organizations are increasingly exposed to an array of novel and sophisticated threats—including advanced persistent threats (APTs) and distributed denial-of-service (DDoS) attacks—which can bypass traditional defenses and persist in target systems indefinitely. Threat actors often rely on networks of compromised and remotely controlled hosts, known as botnets, to execute a number of different cyberattacks and engage in criminal or unauthorized activities. Protecting sensitive and mission-critical data from competitors, state actors, and organized crime has become increasingly critical for the well-being of many organizations. A promising approach to botnet detection and mitigation relies on moving target defense (MTD), a novel and game-changing approach to cyber defense. MTD creates asymmetric uncertainty, providing the defender with a tactical advantage over the attacker. MTD techniques are designed to continuously change or shift a system’s attack surface, thus increasing cost and complexity for the threat actors. We show how the botnet detection and mitigation problem can be decomposed in three related and relatively simpler challenges, and how these challenges can be effectively tackled adopting an MTD approach, ultimately limiting the ability of a botnet to persist within a target system.

[1] Ali A. Ghorbani,et al. Towards effective feature selection in machine learning-based botnet detection approaches , 2014, 2014 IEEE Conference on Communications and Network Security.

[2] Abhijit Gosavi,et al. Simulation-Based Optimization: Parametric Optimization Techniques and Reinforcement Learning , 2003 .

[3] Xiapu Luo,et al. Building a Scalable System for Stealthy P2P-Botnet Detection , 2014, IEEE Transactions on Information Forensics and Security.

[4] John C. Mitchell,et al. Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods , 2008, WOOT.

[5] Vinod Yegneswaran,et al. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation , 2007, USENIX Security Symposium.

[6] Sushil Jajodia,et al. Detecting Stealthy Botnets in a Resource-Constrained Environment using Reinforcement Learning , 2017, MTD@CCS.

[7] Sushil Jajodia,et al. A Moving Target Defense Approach to Disrupting Stealthy Botnets , 2016, MTD@CCS.

[8] Jeannette M. Wing,et al. An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.