Abstract
A botnet is a collection of infected computers (bots) that interact to accomplish some distributed task for illegal purposes. The emergence of mobile computing technologies has presented new challenges in simulating what a modern botnet could look like, and how effectively such a botnet can run on the limited resources these technologies provide. In this short paper, we present a lightweight cross-platform botnet, called Mongoose, that communicates over the TOR network and may be deployed on all manner of devices, including mobile phones, tablets, and personal computers. We then characterize the behavior patterns of the Mongoose command and control channel using a new network traffic flow format, called KiFlow. Preliminary experimental evaluation results show that our analysis is promising for revealing significant characteristics of Mongoose: the occurrence frequency patterns of individual characters in Mongoose bot traffic differ markedly from those in normal traffic generated by non-bot machines.
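The per-character frequency comparison the abstract describes, as an added example that is not code from the paper (the KiFlow format is not described on this page, so samples are plain byte strings): it builds a 256-bin byte-frequency profile per traffic sample, averages known-normal samples into a baseline, and flags a sample whose profile is far from that baseline. The samples, the cosine distance and the 0.5 threshold are all constructed for illustration.

```python
import math
from collections import Counter
from typing import Iterable, List


def char_profile(data: bytes) -> List[float]:
    """Relative occurrence frequency of each of the 256 byte values in data."""
    counts = Counter(data)
    total = len(data) or 1
    return [counts.get(b, 0) / total for b in range(256)]


def baseline_profile(samples: Iterable[bytes]) -> List[float]:
    """Average the profiles of known-normal samples into one baseline profile."""
    profiles = [char_profile(s) for s in samples]
    return [sum(p[i] for p in profiles) / len(profiles) for i in range(256)]


def cosine_distance(p: List[float], q: List[float]) -> float:
    """0.0 for identical frequency patterns, 1.0 when the patterns share no bytes."""
    dot = sum(a * b for a, b in zip(p, q))
    norm = math.sqrt(sum(a * a for a in p)) * math.sqrt(sum(b * b for b in q))
    return 1.0 if norm == 0 else 1.0 - dot / norm


def is_anomalous(sample: bytes, baseline: List[float], threshold: float = 0.5) -> bool:
    """Flag a sample whose character pattern sits far from the normal baseline.
    The threshold is an assumed value chosen for this example, not one from the paper."""
    return cosine_distance(char_profile(sample), baseline) > threshold


# Constructed normal samples (plain HTTP requests), not traffic from the paper's testbed.
NORMAL_SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n",
    b"GET /about HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Type: text/plain\r\n\r\nuser=alice",
]
# Constructed stand-in for a compact encoded bot message: byte values spread evenly
# across the whole 0-255 range instead of clustering on printable ASCII text.
BOT_SAMPLE = bytes(range(0, 256, 3)) * 2

BASELINE = baseline_profile(NORMAL_SAMPLES)

if __name__ == "__main__":
    for label, sample in [("normal", NORMAL_SAMPLES[0]), ("bot", BOT_SAMPLE)]:
        dist = cosine_distance(char_profile(sample), BASELINE)
        print(f"{label}: distance={dist:.3f} anomalous={is_anomalous(sample, BASELINE)}")
```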
© 2020 Springer Nature Switzerland AG
Cite this paper
Lu, W., Mercaldo, N., Tellier, C. (2020). Characterizing Command and Control Channel of Mongoose Bots Over TOR. In: Woungang, I., Dhurandher, S. (eds) 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication. WIDECOM 2020. Lecture Notes on Data Engineering and Communications Technologies, vol 51. Springer, Cham. https://doi.org/10.1007/978-3-030-44372-6_2
DOI: https://doi.org/10.1007/978-3-030-44372-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44371-9
Online ISBN: 978-3-030-44372-6
eBook Packages: Engineering (R0)