Framework for botnet emulation and analysis

Criminals use the anonymity and pervasiveness of the Internet to commit fraud, extortion, and theft. Botnets are used as the primary tool for this criminal activity. Botnets allow criminals to accumulate and covertly control multiple Internet-connected computers. They use this network of controlled computers to flood networks with traffic from multiple sources, send spam, spread infection, spy on users, commit click fraud, run adware, and host phishing sites. This presents serious privacy risks and financial burdens to businesses and individuals. Furthermore, all indicators show that the problem is worsening because the research and development cycle of the criminal industry is faster than that of security research. To enable researchers to measure botnet connection models and counter-measures, a flexible, rapidly augmentable framework for creating test botnets is provided. This botnet framework, written in the Ruby language, enables researchers to run a botnet on a closed network and to rapidly implement new communication, spreading, control, and attack mechanisms for study. This is a significant improvement over augmenting C++ code-bases for the most popular botnets, Agobot and SDBot. Rubot allows researchers to implement new threats and their corresponding defenses before the criminal industry can. The Rubot experiment framework includes models for some of the latest trends in botnet operation such as peer-to-peer based control, fast-flux DNS, and periodic updates. Our approach implements the key network features from existing botnets and provides the required infrastructure to run the botnet in a closed environment.Ph.D.Committee Chair: Copeland, John; Committee Member: Durgin, Gregory; Committee Member: Goodman, Seymour; Committee Member: Owen, Henry; Committee Member: Riley, Georg

Managing the Paradox of Growth in Brand Communities Through Social Media

The commercial benefits of online brand communities are an important focus for marketers seeking deeper engagement with increasingly elusive consumers. Managing participation in these socially bound brand conversations challenges practitioners to balance authenticity towards the community against corporate goals. This is important as social media proliferation affords communities the capacity to reach a scale well beyond their offline equivalents and to operate independently of brands. While research has identified the important elements of engagement in brand communities, less is known about how strategies required to maximise relationships in these circumstances must change with growth. Using a case study approach, we examine how a rapidly growing firm and its community have managed the challenges of a maturing relationship. We find that, in time, the community becomes self-sustaining, and a new set of marketing management strategies is required to move engagement to the next level

Simulation and Analysis on the Resiliency and Efficiency of Malnets

Future network intruders will probably use an organized army of malicious nodes (here called “malnodes”, or collectively a “malnet”) to deliver many different attacks, rather than recruiting a disorganized set of compromised nodes per attack. However, partly due to the lack of understanding of the resiliency and efficiency a malnet can have, countering malnets has been ineffective. This paper begins to address this deficiency. Through calculation and simulation for three representative malnets—random, small-world, and Gnutella-like—we show that extremely resilient malnets can be formed to deliver attack code quickly. In particular, we show that disconnecting malnets is possible, but extremely naive approaches such as randomly disinfecting malnodes will not suffice, and effective defenses must either happen very quickly during a second-wave attack, or take effect prior to it. 1