Abstract
A Remote Access Trojan (RAT) is a type of malicious software that aims to infect victims’ computers through targeted attacks. Most existing RATs require a hacker to purchase a server, a domain name and many network resources to construct the infrastructure with a Command and Control (C2) channel. However, hackers’ information may be leaked or become traceable during the purchase of C2 channels and network resources. In this work, we propose BlockRAT, a blockchain-based RAT framework that can hide the hacker’s personal information, providing untraceability at low cost. We also introduce a method to help assess the suitability of blockchain types. In the evaluation, we take Network Infrastructure for Decentralized Internet (NKN) as a case study, and compare our BlockRAT with existing studies. The results indicate that BlockRAT can achieve upstream and downstream anonymity, low cost, and good extensibility.
Acknowledgments
This work was supported by Natural Science Foundation of China under grant No. 62072133, and Key projects of Guangxi Natural Science Foundation under grant No. 2018GXNSFDA281040.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kang, Y., Yu, X., Meng, W., Liu, Y. (2022). BlockRAT: An Enhanced Remote Access Trojan Framework via Blockchain. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_2
DOI: https://doi.org/10.1007/978-3-031-17551-0_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17550-3
Online ISBN: 978-3-031-17551-0
eBook Packages: Computer Science, Computer Science (R0)