Business Model of a Botnet

Botnets continue to be an active threat against firms or companies and individuals worldwide. Previous research regarding botnets has unveiled information on how the system and their stakeholders operate, but an insight on the economic structure that supports these stakeholders is lacking. The objective of this research is to analyse the business model and determine the revenue stream of a botnet owner. We also study the botnet life-cycle and determine the costs associated with it on the basis of four case studies. We conclude that building a full scale cyber army from scratch is very expensive where as acquiring a previously developed botnet requires a little cost. We find that initial setup and monthly costs were minimal compared to total revenue.Comment: Proceedings of 2018, 26th Euromicro International conference on Parallel, Distributed, and Network-Based Processing (PDP

Evaluating the Provision of Botnet Defences using Translational Research Concepts.

Botnet research frequently draws on concepts from other fields. An example is the use of epidemiological models when studying botnet propagation, which facilitate an understanding of bot spread dynamics and the exploration of behavioural theory. Whilst the literature is rich with these models, it is lacking in work aimed at connecting the insights of theoretical research with day-to-day practice. To address this, we look at botnets through the lens of implementation science, a discipline from the field of translational research in health care, which is designed to evaluate the implementation process. In this paper, we explore key concepts of implementation science, and propose a framework-based approach to improve the provision of security measures to network entities. We demonstrate the approach using existing propagation models, and discuss the role of implementation science in malware defence

Adversarial behaviours knowledge area

The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio

The Architectural Dynamics of Encapsulated Botnet Detection (EDM)

Botnet is one of the numerous attacks ravaging the networking environment. Its approach is said to be brutal and dangerous to network infrastructures as well as client systems. Since the introduction of botnet, different design methods have been employed to solve the divergent approach but the method of taking over servers and client systems is unabated. To solve this, we first identify Mpack, ICEpack and Fiesta as enhanced IRC tool. The analysis of its role in data exchange using OSI model was carried out. This further gave the needed proposal to the development of a High level architecture representing the structural mechanism and the defensive mechanism within network server so as to control the botnet trend. Finally, the architecture was designed to respond in a proactive state when scanning and synergizing the double data verification modules in an encapsulation manner within server system

The botnet: webs of hegemony/zombies who publish

The scholarly communication structure at present bears a strong resemblance to a malware system called a botnet. This piece explores this metaphor and proposes ways in which the library can become a bi-directional information hub called the Research Output Team as a potential antidote