A recoverable hybrid C&C botnet

Author

Liu, Chaoge ; Lu, Weiqing ; Zhang, Zhiqi ; Liao, Peng ; Cui, Xiang

Author_Institution

Beijing Univ. of Posts & Telecommun., Beijing, China

fYear

2011

fDate

18-19 Oct. 2011

Firstpage

110

Lastpage

118

Abstract

In this paper, we introduce the possible design of such a botnet called CoolBot which exploits a novel hybrid command and control (C&C) structure - hybrid P2P and URL Flux. The proposed CoolBot would have extremely desirable features - robustness and recoverability, that is, it could not only defend against popular attacks such as Sybil and routing table pollution attack but also could recover its C&C channel in a tolerable delay in case most of critical resources are destroyed, which promise to be appealing for botmasters. Our preliminary results show that the design of CoolBot is feasible and hard to defend against, consequently posing potential threat for Internet security. The goal of our work is to increase the understanding of advanced botnets which will promote the development of more efficient countermeasures. To conclude our paper, we suggest possible defenses against the emerging threat.

Keywords

Internet; command and control systems; computer network security; peer-to-peer computing; C and C channel; CoolBot; Internet security; Sybil; URL flux; critical resources; hybrid P2P botnet; hybrid command and control structure; recoverable hybrid C and C botnet; routing table pollution attack; tolerable delay; Computer architecture; Peer to peer computing; Protocols; Radiation detectors; Robustness; Routing; Software;

fLanguage

English

Publisher

ieee

Conference_Titel

Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on

Conference_Location

Fajardo

Print_ISBN

978-1-4673-0031-5

Type

conf

DOI

10.1109/MALWARE.2011.6112334

Filename

6112334