EC2ND'08: "Towards Next-Generation Botnets"

We recently published a paper at EC2ND 2008, the fourth European Conference on Computer Network Defense, on next-generation botnets. The paper highlights challenges we might face in the near future when botnets evolve beyond the simple IRC-based botnets that we observe today: The area of botnets faces – similar to other fields – an arms race between botmasters and defenders. To keep up with the latest developments, researchers need to continue to improve detection and mitigation methods and investigate new techniques used by botmasters. The goal of our work is to increase the understanding of more advanced botnet designs. We anticipate that this paper ultimately leads to the development of new, sophisticated techniques, which will help to fend off arising threats. While the topic of the paper is a bit offensive, I hope that it leads to the development of novel detection techniques that can also be used to stop more advanced botnets.

The full paper contains a discussion of the features of Rambot, the name we gave this project. This work was a collaboration with Ralf Hund and Matthias Hamann, two students from our lab.

Abstract: In this paper, we introduce the design of an advanced bot called Rambot that is based on the weaknesses we found when tracking a diverse set of botnets over a period of several months. The main features of this bot are peer-to-peer communication, strong cryptography, a credit-point system to build bilateral trust amongst bots, and a proof-of-work scheme to protect against potential attacks. The goal of this work is to increase the understanding of more advanced botnet designs, such that more efficient detection and mitigation systems can be developed in the future.


Comments

  1. Sundaram says:

    This reminds me of a presentation I saw at Black Hat Amsterdam 2007 from 3 Brazilian guys.

    http://www.blackhat.com/presentations/bh-europe-07/Fucs-Paes-de-Barros-Pereira/Whitepaper/bh-eu-07-barros-WP.pdf

  2. smart card says:

    The security threats of botnets and what they will be able to do in the future are scary. I'm glad that there are meetings like the European Conference on Computer Network Defense that talk about the next-generation botnets and the security challenges that we might face in the future. I am excited to explore more about your project Rambot and hope that it has security insights to offer.

