An advanced hybrid peer-to-peer botnet
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Andbot: towards advanced mobile botnets
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Most research on botnet survivability focuses only on the advanced design of the downstream command and control (C&C) channel (from botmasters to bots, used to deliver commands). However, the upstream C&C channel (from bots to botmasters, used to upload the data collected on victims) remains vulnerable and inefficient in most botnets to this day. To address this problem, we propose a C&C channel division scheme and then establish a Botnet Triple-Channel Model (BTM). BTM divides a traditional C&C channel into three independent sub-channels, denoted the Command Download Channel (CDC), the Registration Channel (RC) and the Data Upload Channel (DUC), respectively. To demonstrate its feasibility and advantages, we implement a BTM botnet prototype which exploits URL Flux for the CDC and Domain-flux for the RC, and introduces a new approach (Cloud-based File Hosting and URL Shortening Services) for the DUC. Compared with current botnets, the proposed BTM botnet promises to be as robust as P2P botnets and as efficient as centralized botnets. The ultimate goal of our work is to increase the understanding of advanced botnets, which will promote the development of more efficient countermeasures.