A botnet-based command and control approach relying on swarm intelligence

Survivability and scalability are the main emerging challenges in the command and control of ubiquitous networked entities operating in untrusted communication scenarios, due to the increasing sophistication of detection and mitigation/defeating techniques together with the growing number of elements to be controlled and their distribution over multiple heterogeneous communication infrastructures. Accordingly, this work focuses on a new, more robust and scalable botnet-based command and control architecture that aims to eliminate any rigid master-slave relationship and to make the bot operating roles autonomous, with significant agility gains across the whole overlay communication infrastructure. It relies on swarm intelligence, and in particular on stigmergic communication, ensuring spontaneous, implicit coordination and collaboration among the independent bot agents. The resulting architecture offers improved fault tolerance and dynamic adaptation to varying network conditions: control messages are propagated to any bot node through multiple short-range hops structured according to a dynamically built Degree Constrained Minimum Spanning Tree, whose distributed calculation is inspired by the foraging behavior of ant colonies. For this reason, it may constitute the basis for an evolutionary malware-based control and management scheme that can be used in several homeland security/defense scenarios where botnet technology may serve as a support tool in strategic military or intelligence operations.
