
Detecting Command and Control Channel of Botnets in Cloud

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10618)

Abstract

The rapid rise of cloud computing technology marks the next wave of enterprise information technology, catering to the market demand of a digitized economy to deliver computing the way traditional utilities such as electricity, gas and water are delivered. It also, however, offers a secure and cheap way of forming a so-called botnet in the cloud. A botnet consists of a network of compromised machines controlled by an attacker (a.k.a. the botmaster). Traditionally botnets have been composed of compromised computers, and have been the primary cause of many malicious Internet attacks. Emerging technologies such as cloud computing, however, present new challenges in simulating what a modern botnet could look like and how effectively it can be run with the easily accessible resources such technologies provide. In this paper we implement a novel cloud-based botnet and then propose a new method for detecting it. It is our belief that each cloud-based botnet has a unique level of entropy in its network exchanges, so measuring the randomness of the communications between the command and control server and the bots can be used to discriminate bot behavior from that of normal cloud users. The proposed approach is evaluated in a closed network environment; the preliminary experimental results are promising and show significant potential for using entropy to detect the command and control channels of botnets in the cloud.
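As an added example (not the paper's code) of the idea stated in the abstract, the block below scores each flow's payload by Shannon entropy, learns a baseline band from flows known to belong to benign cloud users, and flags flows whose entropy falls outside that band in either direction. The entropy feature, the band rule and the sample traffic are assumptions constructed for illustration, since the page does not give the paper's actual method.

```python
"""Added illustration of entropy-based C&C flow flagging; the feature (Shannon
entropy of a flow's payload bytes) and the deviation rule are assumptions."""
import math
import random
from collections import Counter
from statistics import mean, pstdev


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def flow_entropy(payloads: list[bytes]) -> float:
    """Entropy of everything exchanged on one flow (both directions concatenated)."""
    return shannon_entropy(b"".join(payloads))


def entropy_band(normal_flows: dict[str, list[bytes]], k: float = 3.0,
                 min_dev: float = 0.25) -> tuple[float, float]:
    """Benign band [mean - k*dev, mean + k*dev]; min_dev stops the band from
    collapsing when only a handful of baseline flows are available."""
    values = [flow_entropy(p) for p in normal_flows.values()]
    dev = max(pstdev(values), min_dev)
    return mean(values) - k * dev, mean(values) + k * dev


def flag_flows(flows: dict[str, list[bytes]], band: tuple[float, float]) -> dict[str, float]:
    """Flows outside the band: unusually random (encrypted beacons) or unusually repetitive."""
    low, high = band
    return {name: e for name, p in flows.items()
            if not low <= (e := flow_entropy(p)) <= high}


# Constructed sample traffic (not captured data): plain HTTP exchanges as the benign baseline.
NORMAL = {
    "user-1": [b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
               b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>Welcome back</body></html>"],
    "user-2": [b"POST /api/login HTTP/1.1\r\nContent-Type: application/json\r\n\r\n{\"user\":\"alice\"}",
               b"HTTP/1.1 200 OK\r\n\r\n{\"token\":\"abc123\",\"expires\":3600}"],
    "user-3": [b"GET /static/site.css HTTP/1.1\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\nbody { margin: 0; }"],
}
SUSPECT = {
    "bot-encrypted": [random.Random(7).randbytes(2048)],  # stands in for an encrypted C&C exchange
    "bot-beacon": [b"PING\x00" * 200],                    # fixed, repetitive keep-alive
}

BAND = entropy_band(NORMAL)
FLAGGED = flag_flows({**NORMAL, **SUSPECT}, BAND)
```

Because `k*dev` always exceeds the largest deviation within the baseline set itself, no benign training flow is ever flagged; only flows outside the learned band surface for analyst review.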



Author information

Corresponding author: Wei Lu

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Lu, W., Miller, M., Xue, L. (2017). Detecting Command and Control Channel of Botnets in Cloud. In: Traore, I., Woungang, I., Awad, A. (eds) Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments. ISDDC 2017. Lecture Notes in Computer Science, vol 10618. Springer, Cham. https://doi.org/10.1007/978-3-319-69155-8_4

  • DOI: https://doi.org/10.1007/978-3-319-69155-8_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69154-1

  • Online ISBN: 978-3-319-69155-8

  • eBook Packages: Computer Science (R0)