An Overview of the Botnet Simulation Framework
Conducting research on botnets is often limited to the analysis of active botnets. This prevents researchers from testing detection and tracking mechanisms on potential future threats. Specifically, in the domain of P2P botnets, the protocol specifics, network churn and anti-tracking mechanisms greatly impact the success or failure of monitoring operations.
Moreover, experiments on real-world botnets commonly lack ground truth to verify the findings. As developing and deploying botnets of sufficient size is accompanied by large costs and administration efforts, this paper attempts to address this issue by introducing a simulation framework for P2P botnets called Botnet Simulation Framework (BSF). BSF can simulate monitoring operations in botnets of more than 20,000 bots to evaluate tracking mechanisms or simulate takedown efforts. Moreover, communication traces can be exported to inject traffic into arbitrary PCAP files for training and evaluation of intrusion detection systems.
Copyright (c) 2020 Leon Böck
This work is licensed under a Creative Commons Attribution 4.0 International License.