Autonomously detecting sensors in fully distributed botnets

Leon Böck*, Emmanouil Vasilomanolakis, Jan Helge Wolf, Max Mühlhäuser

*Corresponding author

Publication: Contribution to journal › Journal article › Research › peer-reviewed

2 Citations (Scopus)
36 Downloads (Pure)

Abstract

Botnet attacks have devastating effects on public and private infrastructures. The botmasters controlling these networks aim to prevent takedown attempts by using highly resilient P2P overlays to command their botnets, and even harden them with countermeasures against intelligence-gathering attempts. In fact, recent research indicates that advanced countermeasures can hamper the ability to gather the intelligence necessary for taking down botnets. In this article, we take the perspective of the botmaster in order to anticipate their behavior. To this end, we present a novel mechanism, Trust Based Botnet Monitoring Countermeasure (TrustBotMC), that combines computational trust with specially crafted bot messages to detect the presence of monitoring activity. We study and evaluate different computational trust models to create a local and autonomous mechanism that evades common botnet tracking mechanisms, such as sensors. Furthermore, we show through our experimental results that our approach can reduce the gathered intelligence by at least 53% compared to techniques that have been observed in botnets to date. Finally, we investigate techniques for mitigating our approach.
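The abstract describes the idea only at a high level: a bot scores each neighbour with a computational trust model fed by the answers to specially crafted messages, and drops neighbours whose trust falls too low. The simulation below is an added illustration of that loop and is not the authors' TrustBotMC code. The probe types ("peerlist", "relay", "verify"), the neighbour behaviours, the Beta-reputation trust model and the eviction threshold are all assumptions chosen for the example; the paper's actual messages and trust models are not reproduced on this page.

```python
"""Trust-based detection of monitoring sensors in a bot's neighbour list.

Added example (not the paper's code). Probe semantics, peer behaviour,
the Beta-reputation model and the thresholds are illustrative assumptions.
"""
from dataclasses import dataclass, field

# Assumed crafted probes: "peerlist" is the ordinary peer-list exchange that any
# crawler or sensor must answer to stay in the overlay; "relay" and "verify"
# stand for requests that only a fully participating bot would service.
PROBES = ("peerlist", "relay", "verify")


@dataclass
class Neighbour:
    pid: str
    kind: str                   # "bot" or "sensor": ground truth hidden from the scorer
    churn_every: int = 0        # assumed benign failure: a bot times out every n-th probe
    compliant: bool = False     # assumed mitigation: a sensor that implements every probe
    pos: int = 0                # positive observations
    neg: int = 0                # negative observations
    history: list = field(default_factory=list)

    def answers(self, probe: str, seq: int) -> bool:
        """Constructed behaviour: real bots honour every probe apart from periodic
        timeouts; a passive sensor only services peer-list exchanges, unless it
        was built to be protocol-compliant."""
        if self.kind == "bot":
            return not (self.churn_every and seq % self.churn_every == 0)
        return self.compliant or probe == "peerlist"


def beta_trust(pos: int, neg: int) -> float:
    """Expected value of a Beta(pos + 1, neg + 1) reputation, a standard
    computational trust model; 0.5 means 'no evidence either way'."""
    return (pos + 1) / (pos + neg + 2)


def probe_round(neighbours: list, seq: int) -> None:
    """One scoring round: every neighbour receives the same crafted probe and
    its answer is recorded as a positive or negative observation."""
    probe = PROBES[seq % len(PROBES)]
    for n in neighbours:
        ok = n.answers(probe, seq)
        if ok:
            n.pos += 1
        else:
            n.neg += 1
        n.history.append((probe, ok))


def evict_untrusted(neighbours: list, threshold: float = 0.5, min_obs: int = 6):
    """Local, autonomous decision taken by the bot alone: drop peers whose trust
    is below the threshold once enough observations exist. Returns (kept, evicted)."""
    kept, evicted = [], []
    for n in neighbours:
        if n.pos + n.neg >= min_obs and beta_trust(n.pos, n.neg) < threshold:
            evicted.append(n.pid)
        else:
            kept.append(n.pid)
    return kept, evicted


def simulate(rounds: int = 9):
    """Run the scoring loop over a constructed neighbour list (two bots, two
    passive sensors, one protocol-compliant sensor) and report the outcome."""
    neighbours = [
        Neighbour("bot-a", "bot"),
        Neighbour("bot-b", "bot", churn_every=4),
        Neighbour("sensor-1", "sensor"),
        Neighbour("sensor-2", "sensor"),
        Neighbour("sensor-3", "sensor", compliant=True),
    ]
    for seq in range(1, rounds + 1):
        probe_round(neighbours, seq)
    trust = {n.pid: round(beta_trust(n.pos, n.neg), 3) for n in neighbours}
    kept, evicted = evict_untrusted(neighbours)
    return trust, kept, evicted


if __name__ == "__main__":
    trust, kept, evicted = simulate()
    for pid, t in trust.items():
        print(f"{pid:9s} trust={t:.3f}")
    print("kept:", kept)
    print("evicted:", evicted)
```

With nine rounds the two passive sensors only pass the three peer-list probes and end at a trust of 4/11, so they are evicted, while the bot that times out on every fourth probe stays above the threshold. The protocol-compliant sensor-3 is indistinguishable from a real bot and is kept, which is the kind of mitigation the abstract alludes to: behavioural trust scoring only works for as long as the crafted probes actually discriminate between bots and monitoring nodes.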

Original language: English
Journal: Computers and Security
Volume: 83
Pages (from-to): 1-13
Number of pages: 13
ISSN: 0167-4048
DOI: 10.1016/j.cose.2019.01.004
Status: Published - 1 Feb 2019


Cite this

Böck, Leon ; Vasilomanolakis, Emmanouil ; Wolf, Jan Helge ; Mühlhäuser, Max. / Autonomously detecting sensors in fully distributed botnets. In: Computers and Security. 2019 ; Vol. 83. pp. 1-13.
@article{1631e8830c4049c5b0ed425bc5e8d5fe,
title = "Autonomously detecting sensors in fully distributed botnets",
keywords = "Botnet monitoring, Computational trust, Fully distributed botnets, P2P botnets, Sensor evasion",
author = "Leon B{\"o}ck and Emmanouil Vasilomanolakis and Wolf, {Jan Helge} and Max M{\"u}hlh{\"a}user",
year = "2019",
month = "2",
day = "1",
doi = "10.1016/j.cose.2019.01.004",
language = "English",
volume = "83",
pages = "1--13",
journal = "Computers & Security",
issn = "0167-4048",
publisher = "Elsevier",

}


TY - JOUR

T1 - Autonomously detecting sensors in fully distributed botnets

AU - Böck, Leon

AU - Vasilomanolakis, Emmanouil

AU - Wolf, Jan Helge

AU - Mühlhäuser, Max

PY - 2019/2/1

Y1 - 2019/2/1

KW - Botnet monitoring

KW - Computational trust

KW - Fully distributed botnets

KW - P2P botnets

KW - Sensor evasion

UR - http://www.scopus.com/inward/record.url?scp=85061066173&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2019.01.004

DO - 10.1016/j.cose.2019.01.004

M3 - Journal article

AN - SCOPUS:85061066173

VL - 83

SP - 1

EP - 13

JO - Computers & Security

JF - Computers & Security

SN - 0167-4048

ER -