Botnets: An Analysis of Attack Techniques, Detection and Mitigation Methods using Open Source Software
Contents
Introduction and Background
Aims
Objectives
Resources
Hardware
Software
Library
Other
Deliverables
Academic Challenges
Ethics
Professionalism
Literature Review
Methodology
Project Plan
A Bot is a piece of software or program used to perform repetitive commands or tasks very quickly. A Botnet, or network of robots, is a collection of these systems with the purpose of carrying out a series of distributed commands or tasks. Initial Bots were not malicious. They were developed in the late 1980s and early 1990s to work within and alongside the release of Internet Relay Chat (IRC).
Over the last two decades the design and complexity of Bots, as well as their purpose, has evolved. Botnets are now recognised as one of the favourite tools of cybercriminals and hackers.
Spitz and Hunter (2005) explain that these original Bots were developed to provide services to users, and highlight that Napster, the peer-to-peer file sharing system developed in 1999, was one of the biggest successes for Botnets. However, Hoque, Bhattacharyya and Kalita (2015) suggest that various malicious Botnet techniques such as Distributed Denial of Service (DDoS), malware and spam attacks provide criminals with the ability to exploit systems and gain access to personal data, or even prevent access to systems.
Wainwright and Kettani (2019) reflect that detecting and mitigating against these attacks is an ongoing and ever-increasing problem as systems migrate to a more mobile and expansive range of IoT-connected devices.
To analyse Botnet attack behaviours, evaluate detection methods and propose a framework of mitigation techniques to protect networks and systems using Open Source Software
Investigate the design and behaviours of Botnets
Investigate existing Botnet detection mechanisms
Examine current mitigation techniques
Investigate relevant Open Source Software
Design a controlled environment for test purposes
Design a test framework
Document the processes
Document the environment
Design a schedule of testing
Analyse results
Design a recommended mitigation framework
Hardware
2 x Desktop Computers
2 x Monitors
2 x Keyboards
2 x Mice
2 x Network Interface Cards
Performance (Per System)
Quad Core Processors, min 2.7GHz
16 – 32 GB RAM
Large / Fast hard drives (SSD / SATA)
External USB hard drives
Router / Switch for connectivity between systems
Wired and Wi-Fi Connectivity
Internet Connectivity
Software
Operating System software for the host systems (Windows / Linux)
Web Browsers
Word Processor
Spreadsheet
Email Client
Presentation software
Recording software
Open Source Virtualisation software
Open Source applications
Intrusion Detection software
Intrusion Detection and Prevention software
Botnet malware
Firewall solution
DNS
Webserver
IRC software
Penetration Testing tools
Multiple network utilities
Library
Journals
IEEE Xplore Digital Library
ACM Library
Books
Various reference guides as listed in the reference section
Other
Website Resources
Oracle Virtual Box
Ubuntu.com
Microsoft.com
Github.com
SANS Institute
NIST
Write a literature review to include
Botnet design and behaviours and how they can be controlled through Command and Control servers
Detection mechanisms including, how they are implemented and how they detect Botnet attacks
Mitigation techniques and how they have developed and the processes required to remove detected Botnet Bots
Research, categorise and obtain the various open source software required for the project
Create a controlled, virtualised sandbox environment to protect the physical systems while allowing for the deployment of Botnet detection software and the distribution of Botnet malware within the environment
Produce a series of tests to be generated in the controlled environment
Produce a detailed report on the structure of the controlled environment and the processes used in the testing phase
Create a detailed schedule, to be included in the overall project plan, for the build of the controlled environment, the installation and configuration of the various systems and software, and the testing phase
Produce a detailed report highlighting the results of the various tests.
Create a recommended mitigation framework based on the information gathered in the literature reviews and the detailed results of the testing phase.
The area being researched is quite broad, with a combination of attack, detection and mitigation techniques at its core. This will require a strong understanding of each of these areas both individually and collectively. Extensive research will be required to generate an in-depth understanding of each area. This understanding will be required to ensure the tests being created fulfil the requirements to simulate a real-world environment and therefore provide results that can be realistically analysed. From the attack perspective, the coding and understanding of the creation of a specific type of Bot will be the area in which the researcher has the least exposure. This learning will be both important and beneficial within the project, assisting with the design of tests and creating a better awareness of the requirements of the detection methods and the implementation of mitigation techniques.
As this proposal has outlined, the research will be a combination of literature reviews and practical work, followed by comparative analysis and proposals. There will be no participants aside from the researcher. It is important, therefore, from an ethical perspective that all the tests and experiments are confined to this environment and not used in a wider scope.
From a professional perspective, and to comply with the standards of ethical and professional conduct, all research will be conducted in a proper academic manner with reference to the BCS Code of Conduct, which includes employing a professional approach, taking the necessary care, and passing information to others to enhance the field of IT.
Malware, or malicious software, comes in many forms and serves many different purposes. One form of distribution and control of malware is through Botnets. These malicious Botnets can be characterised as an initial single Bot whose purpose is to grow by replicating to multiple systems, with the intent of using the replicated malware to perform large-scale attacks.
Kumar, Kumar Sehgal and Chamotra (2016) categorise such attacks as DDoS attacks, phishing attacks, spam attacks and P2P attacks. This is supported by Symantec’s annual Internet Security Threat Report, which recorded that a single Bot distributed over 67000 malicious emails in the latter half of 2017 (Symantec, 2018).
Wainwright and Kettani (2019) explain in their research that a Bot is not itself malware, has many legitimate purposes, and has existed on the internet since the development of Internet Relay Chat; however, Shanthi and Seenivasan (2015) take this a step further by separately defining malicious Botnets as a collection of systems infected with the same Bot carrying one or more malware payloads.
These systems, acting as zombies, differ from a traditional malware infection in that they are under the control of a remote Bot Master operating from one or more Command and Control servers (C&C), with the capability to send commands to these zombies to carry out tasks very quickly and simultaneously.
Czosseck, Klein and Leder (2011) argue that, as most modern Botnets are deployed for malicious purposes, it is not feasible for antivirus (AV) companies to keep up to date with new threats; therefore other countermeasures must be developed.
While payloads in the Bots may be designed to steal personal information, create spam or deny services, it is the behaviour of these Botnets that makes detection more difficult. The Botnet Command and Control servers are the critical systems in a successful Botnet attack. Traditionally these C&C servers have been centralised, but over time they have in many cases been replaced by peer-to-peer (P2P) decentralised C&C servers.
Wang and Yu (2009) suggested a technique based on packet size and timings which targeted a centralised C&C server; however, Venkatesh et al. (2015), through further research, suggested a detection technique aimed at P2P or decentralised C&C servers, which are in themselves more difficult to take down.
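As an added illustration of the packet-size-and-timing idea attributed to Wang and Yu above (this is not their implementation, nor code from this proposal), the script below groups constructed flow records by source and destination and flags any destination that several internal hosts contact at regular intervals with near-constant sizes, the aggregate pattern a centralised C&C server leaves in network traffic. The flow records, addresses and thresholds are all assumed sample values.

```python
"""Heuristic centralised-C&C beacon detector over flow records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_seconds, src_host, dst_host, bytes).
# Two hosts contact 203.0.113.9 every 60 s with ~120-byte flows (beacon-like);
# 198.51.100.4 receives irregular, variably sized traffic (normal browsing).
FLOWS = [
    (0, "10.0.0.5", "203.0.113.9", 120), (60, "10.0.0.5", "203.0.113.9", 121),
    (120, "10.0.0.5", "203.0.113.9", 120), (180, "10.0.0.5", "203.0.113.9", 122),
    (5, "10.0.0.7", "203.0.113.9", 120), (65, "10.0.0.7", "203.0.113.9", 120),
    (125, "10.0.0.7", "203.0.113.9", 119), (185, "10.0.0.7", "203.0.113.9", 121),
    (3, "10.0.0.9", "198.51.100.4", 1500), (7, "10.0.0.9", "198.51.100.4", 40),
    (90, "10.0.0.9", "198.51.100.4", 600), (91, "10.0.0.5", "198.51.100.4", 300),
]


def _cv(values):
    """Coefficient of variation; low values mean the series is regular."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def is_beaconing(flows, min_flows=3, max_cv=0.2):
    """True if one src->dst flow series has regular inter-arrival gaps and sizes.

    Assumed thresholds: at least min_flows observations, and both the timing and
    size coefficient of variation at or below max_cv.
    """
    if len(flows) < min_flows:
        return False
    flows = sorted(flows)  # order by timestamp before computing gaps
    gaps = [later[0] - earlier[0] for earlier, later in zip(flows, flows[1:])]
    sizes = [f[3] for f in flows]
    return _cv(gaps) <= max_cv and _cv(sizes) <= max_cv


def find_candidate_c2(flows, min_hosts=2):
    """Aggregate beaconing hosts per destination; return dsts with >= min_hosts."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f[1], f[2])].append(f)
    beacons = defaultdict(set)
    for (src, dst), records in by_pair.items():
        if is_beaconing(records):
            beacons[dst].add(src)
    return {dst: sorted(hosts) for dst, hosts in beacons.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for dst, hosts in find_candidate_c2(FLOWS).items():
        print(f"possible C&C {dst}: beaconing hosts {hosts}")
```

Real traffic needs tuning of the thresholds against a baseline, since legitimate periodic clients (NTP, update checks) also beacon and will surface as false positives without whitelisting.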
Kumar, Kumar Sehgal and Chamotra (2016) suggest in their research that C&C techniques can be categorised into IRC, HTTP, DNS and P2P, with the ultimate intention of activating the malware for phishing, spamming or DDoS attacks.
To successfully detect and protect against these Botnet attacks, various techniques have been and are being developed on an ongoing basis.
Zeng, Hu and Shin (2010) recommend a multi-layer approach that includes an infrastructure layer, such as detection through routers and firewalls, as well as a host-based software layer using tools such as Intrusion Detection Systems (IDS) and Intrusion Detection and Prevention Systems (IDPS).
Due to the variety of techniques used to distribute the Bots and the complexity of P2P C&C servers, no single solution to detect and mitigate against these malicious attacks has been successful. Therefore a framework of mitigation techniques is likely required to provide a more encompassing solution to protect vulnerable systems and data.
“A positivist, deductive perspective using a quantitative mono method, cross-sectional single-case experiment design approach will be used” (Dudovskiy, J. 2018)
The primary data will be collected by initially creating a series of baselines on the systems and then running a series of tests or experiments against these systems. The purpose of these tests will be to see how well various software operates against specific types of Botnet attacks. These results will be documented and categorised by level of success or failure and will be used in the analysis stage to provide the basis for the proposed mitigation framework.
As in any experiment in a controlled environment, care will need to be taken to recognise and account for the possibility of false positives and the limitations of the environment being used for the tests.
A separate project plan is attached detailing the schedule and stages that will be performed throughout the project duration.
References
BCS: The British Computer Society ‘Code of Conduct’. Available at: https://www.bcs.org/membership/become-a-member/bcs-code-of-conduct/
Czosseck, C., Klein, G. and Leder, F. (2011) ‘On the Arms Race around Botnets – Setting Up and Taking Down Botnets’, 3rd International Conference on Cyber Conflict.
Dudovskiy, J. (2018) The Ultimate Guide to Writing a Dissertation in Business Studies: A Step-by-Step Assistance. Available at: https://research-methodology.net/about-us/ebook/
Hoque, N., Bhattacharyya, D.K. and Kalita, J.K. (2015) ‘Botnet in DDoS Attacks: Trends and Challenges’, IEEE Communications Surveys & Tutorials, 17(4). doi: 10.1109/COMST.2015.2457491
Spitz, D. and Hunter, S.D. (2005) ‘Contested codes: The social construction of Napster’, The Information Society. doi: 10.1080/01972240490951890
Symantec (2018) Internet Security Threat Report, Volume 23, March 2018. Available at: https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf
Venkatesh, B., Hazra Choudhury, S.H., Nagaraja, S. and Balakrishnan, N. (2015) ‘BotSpot: fast graph based identification of structured P2P bots’, Journal of Computer Virology and Hacking Techniques, 11(4), pp. 247–261. doi: 10.1007/s11416-015-0250-2
Wainwright, P. and Kettani, H. (2019) ‘An Analysis of Botnet Models’, International Conference on Compute and Data Analysis (ICCDA). doi: 10.1145/3314545.3314562
Wang, T. and Yu, S. (2009) ‘Centralized Botnet Detection by Traffic Aggregation’, International Symposium on Parallel and Distributed Processing with Applications. doi: 10.1109/ISPA.2009.74
Zainudeen, S., Shaid, M. and Aizaini Maarof, M. (2015) ‘Malware Behavior Image for Malware Variant Identification’, International Symposium on Biometric and Security Technologies (ISBAST). doi: 10.1109/ISBAST.2014.7013128
Zeng, Y., Hu, X. and Shin, K. (2010) ‘Detection of botnets using combined host and network level information’, International Conference on Dependable Systems and Networks, Chicago, IL. doi: 10.1109/DSN.2010.5544306
Resource Books
Caswell, B. Beale, J. and Baker, A. (2007) Snort IDS and IPS Toolkit Available at: http://www.amazon.co.uk
Elisan, C. (2012) Malware, Rootkits & Botnets A Beginner’s Guide Available at: http://www.amazon.co.uk
ICT School (2019) Hacking with Kali Linux Available at: http://www.amazon.co.uk
Provos, N. (2007) Virtual Honeypots: From Botnet Tracking to Intrusion Detection Available at: http://www.amazon.co.uk
Schiller, C. et al. (2012) Botnets: The Killer Web Applications Available at: http://www.amazon.co.uk
Welsh, J. (2017) Hacking with Python Available at: http://www.amazon.co.uk