Study on Advanced Botnet Based on Publicly Available Resources

Part of the Lecture Notes in Computer Science book series (LNSC, volume 11149)

Abstract

In recent years, botnets have continued to be an ever-increasing threat on the Internet. To be well prepared for future attacks and to ensure the security of cyberspace, defenders pay increasing attention to the advanced botnet designs that botmasters could adopt. In this paper, we design an advanced botnet based on publicly available resources and implement its prototype system, named PR-Bot. First, in terms of system design, PR-Bot is constructed entirely from third-party publicly available resources and supports bidirectional communication between the control end and the controlled end. At the same time, the system's command and control (C&C) channel consists of three sub-channels: a command control channel (CC channel), a command addressing channel (CA channel) and a result feedback channel (RF channel), which makes it extremely robust and concealed. Second, in terms of defense technology, this paper proposes targeted defense strategies from the perspectives of detection, measurement and tracking, with the goal of combating such botnets. In short, the ultimate purpose of this paper is not to design a highly harmful botnet, but to accurately predict the techniques that botnets may adopt in the future and to assess their new threats from the perspectives of both attack and defense.

Keywords

  • Publicly available resource
  • Command and control
  • Bidirectional communication
  • Defense technology

Acknowledgements

This work is supported by the Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences, Beijing Key Laboratory of Network Security and Protection Technology, and the National Key Research and Development Program of China (No. 2016YFB0801604, No. 2016QY08D1602, No. 2016QY06X1204).

Author information

Corresponding authors

Correspondence to Heyang Lv or Zhihong Tian.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Yin, J., Lv, H., Zhang, F., Tian, Z., Cui, X. (2018). Study on Advanced Botnet Based on Publicly Available Resources. In: , et al. Information and Communications Security. ICICS 2018. Lecture Notes in Computer Science, vol 11149. Springer, Cham. https://doi.org/10.1007/978-3-030-01950-1_4

  • DOI: https://doi.org/10.1007/978-3-030-01950-1_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01949-5

  • Online ISBN: 978-3-030-01950-1