Autonomously detecting sensors in fully distributed botnets

Leon Böck*, Emmanouil Vasilomanolakis, Jan Helge Wolf, Max Mühlhäuser

*Corresponding author for this work

Research output: Contribution to journal › Journal article › Research › peer-review

8 Citations (Scopus)
180 Downloads (Pure)

Abstract

Botnet attacks have devastating effects on public and private infrastructures. The botmasters controlling these networks aim to prevent takedown attempts by using highly resilient P2P overlays to commandeer their botnets, and even harden them with countermeasures against intelligence gathering attempts. In fact, recent research indicates that advanced countermeasures can hamper the ability to gather the necessary intelligence for taking down botnets. In this article, we take the perspective of the botmaster to eventually anticipate their behavior. That said, we present a novel mechanism, namely Trust Based Botnet Monitoring Countermeasure (TrustBotMC), that combines computational trust with specially crafted bot messages to detect the presence of monitoring activity. We study and evaluate different computational trust models, to create a local and autonomous mechanism that ensures the avoidance of common botnet tracking mechanisms, such as sensors. Furthermore, we show, via our experimental results, that our approach can reduce the gathered intelligence by at least 53% compared to techniques that have been seen in botnets to date. Finally, we investigate techniques for mitigating our approach.

Original language: English
Journal: Computers and Security
Volume: 83
Pages (from-to): 1-13
Number of pages: 13
ISSN: 0167-4048
Publication status: Published - 1 Feb 2019

Keywords

  • Botnet monitoring
  • Computational trust
  • Fully distributed botnets
  • P2P botnets
  • Sensor evasion
