Characterizing Command and Control Channel of Mongoose Bots Over TOR

  • Conference paper
  • 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication (WIDECOM 2020)

Abstract

A botnet is a collection of infected computers (bots) that interact to accomplish some distributed task for illegal purposes. The emergence of mobile computing technologies has presented new challenges in simulating what a modern botnet could look like, and how effectively it can be run with the limited resources such technologies provide. In this short paper, we present a lightweight cross-platform botnet, called Mongoose, that communicates over the TOR network and may be deployed on all manner of devices, including mobile phones, tablets, and personal computers. We then characterize the behavior patterns of the Mongoose command and control channel using a new network traffic flow format, called KiFlow. Preliminary experimental results show that our analysis is promising for revealing significant characteristics of Mongoose: the occurrence-frequency patterns of individual characters in Mongoose bot traffic differ markedly from those in normal traffic generated by a non-bot machine.
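The abstract's detection signal is the per-character occurrence frequency of a flow's content, compared between bot traffic and ordinary traffic. The following is an added example (not code from the paper, and not the KiFlow format, whose layout the page does not describe) that builds such a character-frequency profile from flow records rendered as text, measures how far two profiles are apart with an L1 distance, and assigns an unknown flow to the nearer of a "normal" and a "bot" reference profile. All sample flows are constructed for this example: the normal flows imitate plain HTTP requests, and the bot flows use hex-rendered opaque bytes as a stand-in for the encrypted, TOR-tunnelled C2 payload; they are not captures from the paper's experiments.

```python
from collections import Counter
from typing import Dict, Iterable

# Constructed sample flow records (invented for this example, not taken from
# the paper). Normal flows: plain-text HTTP-like requests a non-bot host might
# send. Bot flows: hex-rendered opaque bytes standing in for the encrypted C2
# cells a TOR-tunnelled bot would produce. Each bot sample is built so that
# every hex digit occurs exactly four times, i.e. the near-uniform symbol
# distribution that encrypted or encoded content tends to show.
NORMAL_FLOWS = [
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n",
    "GET /news/today HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n",
]
BOT_FLOWS = [
    "0123456789abcdef" "fedcba9876543210" "13579bdf02468ace" "eca86420fdb97531",
    "eca86420fdb97531" "0123456789abcdef" "13579bdf02468ace" "fedcba9876543210",
]


def char_frequency(flows: Iterable[str]) -> Dict[str, float]:
    """Relative occurrence frequency of every character across the given flows."""
    counts: Counter = Counter()
    for flow in flows:
        counts.update(flow)          # one increment per character of the flow
    total = sum(counts.values())
    if total == 0:
        return {}
    return {ch: n / total for ch, n in counts.items()}


def l1_distance(p: Dict[str, float], q: Dict[str, float]) -> float:
    """Sum of absolute frequency differences over the union of both alphabets.

    Ranges from 0.0 (identical profiles) to 2.0 (disjoint alphabets).
    """
    alphabet = set(p) | set(q)
    return sum(abs(p.get(ch, 0.0) - q.get(ch, 0.0)) for ch in alphabet)


def profile_distance(flows_a: Iterable[str], flows_b: Iterable[str]) -> float:
    """Distance between the character profiles of two sets of flows."""
    return l1_distance(char_frequency(flows_a), char_frequency(flows_b))


def is_suspicious(flows: Iterable[str],
                  normal_profile: Dict[str, float],
                  bot_profile: Dict[str, float]) -> bool:
    """Nearest-profile decision: True when the flows' character profile is
    closer to the bot reference than to the normal reference."""
    profile = char_frequency(flows)
    return l1_distance(profile, bot_profile) < l1_distance(profile, normal_profile)


if __name__ == "__main__":
    # Build the reference profiles from the first sample of each kind and
    # score the second sample of each kind against them.
    normal_ref = char_frequency(NORMAL_FLOWS[:1])
    bot_ref = char_frequency(BOT_FLOWS[:1])
    print("normal vs normal:", round(profile_distance(NORMAL_FLOWS[:1], NORMAL_FLOWS[1:]), 3))
    print("normal vs bot:   ", round(profile_distance(NORMAL_FLOWS, BOT_FLOWS), 3))
    print("second normal flow flagged:", is_suspicious(NORMAL_FLOWS[1:], normal_ref, bot_ref))
    print("second bot flow flagged:   ", is_suspicious(BOT_FLOWS[1:], normal_ref, bot_ref))
```

In practice the reference profiles would be built from many flows of known origin rather than one sample each, and a threshold on the distance, rather than a bare nearest-profile rule, lets an analyst trade false positives against misses; the L1 distance is used here only because it is easy to read off by hand, and any divergence between distributions would serve.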



Corresponding author

Correspondence to Wei Lu .

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Lu, W., Mercaldo, N., Tellier, C. (2020). Characterizing Command and Control Channel of Mongoose Bots Over TOR. In: Woungang, I., Dhurandher, S. (eds) 3rd International Conference on Wireless, Intelligent and Distributed Environment for Communication. WIDECOM 2020. Lecture Notes on Data Engineering and Communications Technologies, vol 51. Springer, Cham. https://doi.org/10.1007/978-3-030-44372-6_2

  • DOI: https://doi.org/10.1007/978-3-030-44372-6_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-44371-9

  • Online ISBN: 978-3-030-44372-6
