Botnets

From Embedded Lab Vienna for IoT & Security
Revision as of 14:28, 31 January 2020 by Dsloan

Summary

This Wiki entry deals with the topic of botnets. It introduces the reader to the key terminology before discussing the various types of botnets, including their architecture and infection methods. The explosion in recent years of IoT devices that lack the security standards of devices such as laptops and smartphones has created a new pool of potential hosts and exacerbated the botnet problem. Criminals will always look to exploit new technology for illegal financial gain, and more must be done on a global level to combat the threat of botnets. Countermeasures and prevention methods will be discussed.

What is a Botnet

A botnet is a network of compromised machines under the control of an attacker.[1]

Types of Botnets

There are two types of botnet architecture - centralised and decentralised.[2] Centralised botnets have a client-server architecture. They usually communicate via the IRC protocol.[3] Decentralised botnets have a peer-to-peer (P2P) or unstructured architecture. To create a botnet, machines or IoT devices first need to be infected to allow for remote control. This is done without the consent of the owners. Infection can be done by a special Trojan that breaches the security of users' computers.[4] The botnet is then controlled by a person called the Botmaster.[3] Infection mechanisms can include web downloads and email attachments as well as automated bots that scan for vulnerabilities to exploit.[3] Infection can also come in the form of an infected USB stick or an insider attack.

Centralised

In the centralised model, each bot acts only as a client receiving instructions from a server. There is a central point that forwards the control messages to the bots.[5]

Peer-to-Peer

In the P2P model, each bot or node acts as both client and server. This means it can both send and receive commands. A P2P botnet is much harder to disrupt because its communication system does not depend on a single central point.[5] Stopping one bot does not lead to stopping the whole botnet. Control commands can be sent from the command and control centre and are then propagated throughout the botnet via the bots themselves.

Unstructured

The unstructured model is a sub-type of the P2P model where "no single bot would know about any more than one other bot".[5] The bot or controller would send a message and it would get randomly passed on to the next bot.[5] This makes it very hard to detect the bots, and it may not even be possible to detect all of them.[5] The drawback for the attacker is that there is no guarantee of delivery and the latency is very high.[5]
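The three architectures above differ mainly in how a takedown of one node affects command delivery. The following toy model is an added illustration, not code from this wiki entry or its cited papers: it builds small constructed graphs for the centralised, P2P and unstructured models (bot names and the "c2" injection point are made up) and measures how many bots a control message still reaches after a defender removes a single node.

```python
from collections import deque
import random

# Constructed sample bot names; "c2" is the controller's injection point.
BOTS = [f"bot{i}" for i in range(8)]


def centralised():
    """Star topology: every bot talks only to the C2 server."""
    return {"c2": set(BOTS), **{b: {"c2"} for b in BOTS}}


def peer_to_peer():
    """Ring plus chords, so no single node is a cut vertex."""
    nodes = ["c2"] + BOTS
    graph = {n: set() for n in nodes}
    for i, n in enumerate(nodes):
        for step in (1, 3):  # ring neighbour and one chord
            m = nodes[(i + step) % len(nodes)]
            graph[n].add(m)
            graph[m].add(n)
    return graph


def reach(graph, removed, source="c2"):
    """Bots still receiving a command flooded from `source` after `removed`
    is taken down (empty if the injection point itself falls)."""
    if removed == source:
        return set()
    seen, queue = {source}, deque([source])
    while queue:
        n = queue.popleft()
        for m in graph[n]:
            if m != removed and m not in seen:
                seen.add(m)
                queue.append(m)
    return seen - {source}


def unstructured_coverage(ttl=8, trials=2000, seed=1):
    """Unstructured model: each bot knows only one other bot and hands the
    command on at random until the hop budget runs out. Returns the average
    fraction of bots reached, showing the missing delivery guarantee."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        current = rng.choice(BOTS)  # controller seeds one random bot
        reached = {current}
        for _hop in range(ttl - 1):
            current = rng.choice([b for b in BOTS if b != current])
            reached.add(current)
        total += len(reached) / len(BOTS)
    return total / trials
```

Removing the C2 node silences the centralised star completely, while in the P2P graph removing any single bot leaves every other bot reachable; the unstructured random walk never reliably covers all bots within the hop budget.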

Components

Every botnet needs bots. These are the machines or IoT devices that are infected by an attacker and make up the network. IoT devices include light bulbs, fridges, sensors and health equipment. The bots are controlled by a command and control server which is in turn controlled by the Botmaster.

Purpose

Botnets can be used for various purposes including DDoS attacks, stealing information from the infected machine (bot), bitcoin mining, spam, phishing, identity theft and keylogging.[3] A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.[6] According to Goncharov [7, p. 8], a DDoS service can be hired for as little as $10 per hour, $30-70 per day, $150 per week or $1,200 per month. A list of uses for botnets from [7] is as follows:

  • Attack ISPs, sometimes resulting in denial-of-service to legitimate traffic
  • Send spam email
  • Launch DDoS attacks and bring down websites and APIs
  • Perform click fraud
  • Solve weak CAPTCHA challenges on websites in order to imitate human behavior during logins
  • Steal credit card information
  • Hold companies to ransom with threats of DDoS attacks

All of these uses either make money from the victims directly or grow the botnet so that it can make more money later.

Prevention

Countermeasures

Courses

References

  1. Ben Stock, Jan Göbel, Markus Engelberth, Felix C. Freiling, and Thorsten Holz. Walowdac - analysis of a peer-to-peer botnet. In 2009 European Conference on Computer Network Defense, pages 13–20. IEEE, 2009.
  2. Himanshi Dhayal and Jitender Kumar. Botnet and P2P botnet detection strategies: A review. In 2018 International Conference on Communication and Signal Processing (ICCSP), pages 1077–1082. IEEE, 2018.
  3. Pedram Amini, Muhammad Amin Araghizadeh, and Reza Azmi. A survey on botnet: Classification, detection and defense. In 2015 International Electronics Symposium (IES), pages 233–238. IEEE, 2015.
  4. Kaspersky. What is a botnet?, 2020. https://usa.kaspersky.com/resource-center/threats/botnet-attacks Last accessed Thursday 2nd January, 2020.
  5. Michael Bailey, Evan Cooke, Farnam Jahanian, Yunjing Xu, and Manish Karir. A survey of botnet technology and defenses. In 2009 Cybersecurity Applications & Technology Conference for Homeland Security, pages 299–304. IEEE, 2009.
  6. Arbor Networks and Google Ideas. What is a DDoS attack?, 2013. https://www.digitalattackmap.com/understanding-ddos/ Last accessed Tuesday 7th January, 2020.
  7. Max Goncharov. Russian underground 101. Trend Micro Incorporated research paper, page 51, 2012.