257 research outputs found
Evaluating the Provision of Botnet Defences using Translational Research Concepts.
Botnet research frequently draws on concepts from other fields. An example is the use of epidemiological models when studying botnet propagation, which facilitate an understanding of bot spread dynamics and the exploration of behavioural theory. Whilst the literature is rich with these models, it is lacking in work aimed at connecting the insights of theoretical research with day-to-day practice. To address this, we look at botnets through the lens of implementation science, a discipline from the field of translational research in health care, which is designed to evaluate the implementation process. In this paper, we explore key concepts of implementation science, and propose a framework-based approach to improve the provision of security measures to network entities. We demonstrate the approach using existing propagation models, and discuss the role of implementation science in malware defence
Malicious botnet survivability mechanism evolution forecasting by means of a genetic algorithm
Botnets are considered to be among the most dangerous modern malware types and the biggest current threats to global IT infrastructure. Botnets are rapidly evolving, and therefore forecasting their survivability strategies is important for the development of countermeasure techniques. The article proposes a botnet-oriented, genetic-algorithm-based model framework, which is aimed at forecasting botnet survivability mechanisms. The model may be used as a framework for forecasting the evolution of other characteristics. The efficiency of different survivability mechanisms is evaluated by applying the proposed fitness function. The model application area also covers scientific botnet research and modelling tasks.
Article in English.
Forecasting the evolution of malicious botnet survivability mechanisms by means of a genetic algorithm
Summary. Botnets are recognized as among the most dangerous modern malicious programs and are regarded as one of the greatest threats to international IT infrastructure. Botnets evolve quickly, so forecasting the evolution of their self-protection mechanisms is important for planning and developing countermeasures. This article presents a genetic-algorithm-based model for forecasting the evolution of botnet self-protection mechanisms, which can also be used as a basis for modelling the evolution of other botnet properties. Different self-protection mechanisms are evaluated by applying the proposed fitness function.
Keywords: Botnet; genetic algorithm; forecast; self-protection; evolution; modeli
Unstructured Peer-to-Peer Botnet Simulation for Measuring Its Robustness
Malware attacks on the Internet have increased substantially in recent years for which botnets are a root cause. A "botnet" is a network of compromised computers controlled by an attacker known as the "botmaster". To be able to effectively detect and defend against botnets, it is very important to have a good understanding of their construction procedure and propagation methodology. In this work, we study the construction of an unstructured peer-to-peer botnet, its propagation methodology, diurnal properties and robustness. This simulation shows that the more frequently a node updates its buddy list, the lesser is the process overhead involved
CAREER: adaptive intrusion detection systems
Issued as final report. National Science Foundation (U.S.