Abstract
Research on botnets is often limited to the analysis of active botnets. This prevents researchers from testing detection and tracking mechanisms on potential future threats. Specifically, in the domain of P2P botnets, the protocol specifics, network churn and anti-tracking mechanisms greatly impact the success or failure of monitoring operations. Moreover, experiments on real-world botnets commonly lack ground truth to verify the findings. As developing and deploying botnets of sufficient size is accompanied by large costs and administration efforts, this paper attempts to address this issue by introducing a simulation framework for P2P botnets called Botnet Simulation Framework (BSF). BSF can simulate monitoring operations in botnets of more than 20.000 bots to evaluate tracking mechanisms or simulate takedown efforts. Moreover, communication traces can be exported to inject traffic into arbitrary PCAP files for training and evaluation of intrusion detection systems.
Original language | English |
---|---|
Journal | The Journal on Cybercrime & Digital Investigations |
Volume | 6 |
Issue number | 1 |
Pages (from-to) | 1-10 |
Number of pages | 10 |
ISSN | 2494-2715 |
DOI | |
Status | Published - 6 Dec 2020 |
Event | Botconf 2020 - Online Webinar, Nantes, France. Duration: 1 Dec 2020 → 4 Dec 2020 |
Conference
Conference | Botconf 2020 |
---|---|
Location | Online Webinar |
Country/Territory | France |
City | Nantes |
Period | 01/12/2020 → 04/12/2020 |