Share Email Print
cover

Proceedings Paper

Considerations and foundations for Botnet simulation
Author(s): Martin R. Stytz; Sheila B. Banks
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

"Botnets", or "bot armies", are large groups of remotely controlled malicious software. Bot armies pose one of the most serious security threats to all networks. Botnets, remotely controlled and operated by botmasters or botherders, can launch massive denial of service attacks, multiple penetration attacks, or any other malicious network activity on a massive scale. While bot army activity has, in the past, been limited to fraud, blackmail, and other forms of criminal activity, their potential for causing large-scale damage to the entire internet; for launching large-scale, coordinated attacks on government computers and networks; and for large-scale, coordinated data gathering from thousands of users and computers on any network has been underestimated. This paper will not discuss how to build bots but the threats they pose. In a "botnet" or "bot army", computers can be used to spread spam, launch denial-of-service attacks against Web sites, conduct fraudulent activities, and prevent authorized network traffic from traversing the network. In this paper, we examine the need for botnet defense training within existing simulation environments and present our suggestions for the capabilities needed for training systems for botnet activities. In this paper we discuss botnet technology and review the technologies that underlie this threat to network, information, and computer security. The second section contains background information about bot armies and key foundational bot technologies. The third section presents a discussion of the types of attacks that botnets can conduct, defenses against them and our suggestions for simulating botnet activities, including suggested message formats for distributing bot simulation commands and for distributing information needed to simulate both the effects of bot attacks and defensive responses to bot attacks. The fourth section contains a summary and suggestions for future research.

Paper Details

Date Published: 13 April 2009
PDF: 11 pages
Proc. SPIE 7344, Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009, 73440H (13 April 2009); doi: 10.1117/12.818364
Show Author Affiliations
Martin R. Stytz, Institute for Defense Analyses (United States)
Sheila B. Banks, Calculated Insight (United States)


Published in SPIE Proceedings Vol. 7344:
Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009
Belur V. Dasarathy, Editor(s)

© SPIE. Terms of Use
Back to Top