Analytical Lifecycle Modeling and Threat Analysis of Botnets

Botnet, which is an overlay network of compromised computers built by cybercriminals known as botmasters, is the new phenomenon that has caused deep concerns to the security professionals responsible for governmental, academic, and private sector networks. Botmasters use a plethora of methods to infect network-accessible devices (nodes). The initial malware residing on these nodes then either connects to a central Command & Control (C&C) server or joins a Peer-to-Peer (P2P) botnet. At this point, the nodes can receive the commands of the botmaster and proceed to engage in illicit activities such as Distributed Denial-of-Service (DDoS) attacks and massive e-mail spam campaigns. Being able to reliably estimate the size of a botnet is an important task which allows the adequate deployment of mitigation strategies against the botnet. In this thesis, we develop analytical models that capture the botnet expansion and size evolution behaviors in sufficient detail so as to accomplish this crucial estimation/analysis task. We develop four Continuous-Time Markov Chain (CTMC) botnet models: the first two, SComI and SComF, allow the prediction of initial unhindered botnet expansion in the case of infinite and finite population sizes, respectively. The third model, the SIC model, is a botnet lifecycle model which accounts for all important node stages and allows botnet size estimates as well as evaluation of botnet mitigation strategies such as disinfection of nodes and attacks on the botnet's C&C mechanism. Finally, the fourth model, the SIC-P2P model, is an extension of the SIC model suitable for P2P botnets, allowing fine-grained analysis of mitigation strategies such as index poisoning and the Sybil attack.

As the convergence of Internet and traditional telecommunication services is underway, the threat of botnets is looming over essential basic communication services. As the last contribution presented in this thesis, we analyze the threat of botnets in 4G cellular wireless networks. We identify the vulnerability of the air interface, i.e. Long Term Evolution (LTE), which allows a successful botnet-launched DDoS attack against it. Through simulation using an LTE simulator, we determine the number of botnet nodes per cell that can significantly degrade the service availability of such cellular networks.

Bibliographic Details
Main Author: Khosroshahy, Masood
Format: Others
Published: 2013
Online Access: http://spectrum.library.concordia.ca/976958/1/Khosroshahy_PhD_S2013.pdf
Khosroshahy, Masood <http://spectrum.library.concordia.ca/view/creators/Khosroshahy=3AMasood=3A=3A.html> (2013) Analytical Lifecycle Modeling and Threat Analysis of Botnets. PhD thesis, Concordia University.
id ndltd-LACETR-oai-collectionscanada.gc.ca-QMG.976958
record_format oai_dc
spelling ndltd-LACETR-oai-collectionscanada.gc.ca-QMG.976958 2013-10-22T03:48:14Z Analytical Lifecycle Modeling and Threat Analysis of Botnets Khosroshahy, Masood 2013-03 Thesis NonPeerReviewed application/pdf http://spectrum.library.concordia.ca/976958/1/Khosroshahy_PhD_S2013.pdf http://spectrum.library.concordia.ca/976958/
collection NDLTD
format Others
sources NDLTD
description Botnet, which is an overlay network of compromised computers built by cybercriminals known as botmasters, is the new phenomenon that has caused deep concerns to the security professionals responsible for governmental, academic, and private sector networks. Botmasters use a plethora of methods to infect network-accessible devices (nodes). The initial malware residing on these nodes then either connects to a central Command & Control (C&C) server or joins a Peer-to-Peer (P2P) botnet. At this point, the nodes can receive the commands of the botmaster and proceed to engage in illicit activities such as Distributed Denial-of-Service (DDoS) attacks and massive e-mail spam campaigns. Being able to reliably estimate the size of a botnet is an important task which allows the adequate deployment of mitigation strategies against the botnet. In this thesis, we develop analytical models that capture the botnet expansion and size evolution behaviors in sufficient detail so as to accomplish this crucial estimation/analysis task. We develop four Continuous-Time Markov Chain (CTMC) botnet models: the first two, SComI and SComF, allow the prediction of initial unhindered botnet expansion in the case of infinite and finite population sizes, respectively. The third model, the SIC model, is a botnet lifecycle model which accounts for all important node stages and allows botnet size estimates as well as evaluation of botnet mitigation strategies such as disinfection of nodes and attacks on the botnet's C&C mechanism. Finally, the fourth model, the SIC-P2P model, is an extension of the SIC model suitable for P2P botnets, allowing fine-grained analysis of mitigation strategies such as index poisoning and the Sybil attack.
As the convergence of Internet and traditional telecommunication services is underway, the threat of botnets is looming over essential basic communication services. As the last contribution presented in this thesis, we analyze the threat of botnets in 4G cellular wireless networks. We identify the vulnerability of the air interface, i.e. Long Term Evolution (LTE), which allows a successful botnet-launched DDoS attack against it. Through simulation using an LTE simulator, we determine the number of botnet nodes per cell that can significantly degrade the service availability of such cellular networks.
author Khosroshahy, Masood
spellingShingle Khosroshahy, Masood
Analytical Lifecycle Modeling and Threat Analysis of Botnets
author_facet Khosroshahy, Masood
author_sort Khosroshahy, Masood
title Analytical Lifecycle Modeling and Threat Analysis of Botnets
title_short Analytical Lifecycle Modeling and Threat Analysis of Botnets
title_full Analytical Lifecycle Modeling and Threat Analysis of Botnets
title_fullStr Analytical Lifecycle Modeling and Threat Analysis of Botnets
title_full_unstemmed Analytical Lifecycle Modeling and Threat Analysis of Botnets
title_sort analytical lifecycle modeling and threat analysis of botnets
publishDate 2013
url http://spectrum.library.concordia.ca/976958/1/Khosroshahy_PhD_S2013.pdf
work_keys_str_mv AT khosroshahymasood analyticallifecyclemodelingandthreatanalysisofbotnets
_version_ 1716608356142022656