We recently published a paper
at EC2ND 2008
, the fourth European Conference on Computer Network Defense, on next-generation botnets. The paper highlights challenges we might face in the near future when botnets evolve beyond simple IRC-based botnets that we observe today: The area of botnets faces – similar to other ﬁelds – an arms race between botmasters and defenders. To keep up with latest developments, researchers need to continue to improve detection and mitigation methods and investigate new techniques used by botmasters. The goal of our work is to increase the understanding of more advanced botnet designs. We anticipate that this paper ultimately leads to the development of new, sophisticated techniques, which will help to fend oﬀ arising threats. While the topic of the paper is a bit offensive, I hope that it leads to the development of novel detection techniques that can also be used to stop more advanced botnets.
The full paper
contains a discussion of the features of Rambot
, the name we gave this project. This work was a collaboration with Ralf Hund and Matthias Hamann, two students from our lab
: In this paper, we introduce the design of an advanced bot called Rambot that is based on the weaknesses we found when tracking a diverse set of botnets over a period of several months. The main features of this bot are peer-to-peer communication, strong cryptography, a credit-point system to build bilateral trust amongst bots, and a proof-of-work scheme to protect against potential attacks. The goal of this work is to increase the understanding of more advanced botnet designs, such that more eﬃcient detection and mitigation systems can be developed in the future.