MRRbot: A Multi-Role and Redundancy-Based P2P Botnet Model
Li Shuhao, Yun Xiaochun, Hao Zhiyu, and Zhai Lidong
Related Articles |
As common platforms of cyber attacks, botnets cause great damage and bring serious threats. Though the defenses against current botnets are effective, botnets evolution gives defenders a big challenge, which is worse with the development of tri-network integration. Therefore, it is indispensable to predict future botnets for timely defense. In this paper, we summarize the weaknesses of existing botnets, and present the design of a mutli-role and redundancy-based P2P botnet model (MRRbot). In this model, fake bots are created to be an important role that can help enhance bots credibility and pertinence, and a redundancy mechanism and a selection algorithm are designed to improve the invisibility and robustness of the command and control channel. Furthermore, MRRbot is analyzed and evaluated on its controllability, efficiency, invulnerability, and its robustness is compared with others previous work. Both theoretical analysis and experimental results demonstrate that MRRbots botmasters can quickly publish commands to each bot with the probability close to 100%, even suffering effective defenses. MRRbot is more dangerous with high controllability, efficiency, robustness and invulnerability, which is likely to be adopted by attackers in the future. Finally, a defense system against this advanced botnet, which is based on the volunteer network, is suggested.