Agent‐based simulation of cooperative defence against botnets

The paper outlines a framework and software tool intended for simulation of cooperative defence mechanisms against botnets. The framework and software tool are based on an agent-oriented approach and packet-level network simulation. They are intended to evaluate and compare different cooperative distributed attacks and defence mechanisms. Botnet and defence components are represented in the paper as a set of collaborating and counteracting agent teams. Agents are supposed to collect information from various network sources, operate on different situational knowledge, and react to the actions of other agents. The paper describes the results of experiments aimed at investigating botnets and distributed denial of service defence mechanisms. We explore various botnet attacks and counteraction against them, using defence against distributed denial of service attacks as the example. Copyright © 2011 John Wiley & Sons, Ltd.
