6 research outputs found
Recommended from our members
Evaluating the Provision of Botnet Defences using Translational Research Concepts.
Botnet research frequently draws on concepts from other fields. An example is the use of epidemiological models when studying botnet propagation, which facilitate an understanding of bot spread dynamics and the exploration of behavioural theory. Whilst the literature is rich with these models, it is lacking in work aimed at connecting the insights of theoretical research with day-to-day practice. To address this, we look at botnets through the lens of implementation science, a discipline from the field of translational research in health care, which is designed to evaluate the implementation process. In this paper, we explore key concepts of implementation science, and propose a framework-based approach to improve the provision of security measures to network entities. We demonstrate the approach using existing propagation models, and discuss the role of implementation science in malware defence
Recommended from our members
Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks
The propagation approach of a botnet largely dictates its formation, establishing a foundation of bots for future exploitation. The chosen propagation method determines the attack surface, and consequently, the degree of network penetration, as well as the overall size and the eventual attack potency. It is therefore essential to understand propagation behaviours and influential factors in order to better secure vulnerable systems. Whilst botnet propagation is generally well-studied, newer technologies like IoT have unique characteristics which are yet to be thoroughly explored. In this paper, we apply the principles of epidemic modelling to IoT networks consisting of wireless sensor nodes. We build IoT-SIS, a novel propagation model which considers the impact of IoT-specific characteristics like limited processing power, energy restrictions, and node density on the formation of a botnet. Focusing on worm-based propagation, this model is used to explore the dynamics of spread using numerical simulations and the Monte Carlo method, and to discuss the real-life implications of our findings
Recommended from our members
Modelling DoS Attacks & Interoperability in the Smart Grid
Smart grids perform the crucial role of delivering electricity to millions of people and driving today’s industries. However, the integration of physical operational technology (OT) with IT systems introduces many security challenges. Denial-of-Service (DoS) is a well-known IT attack with a large potential for damage within the smart grid. Whilst DoS is relatively well-understood in IT networks, the unique characteristics and requirements of smart grids bring up new challenges. In this paper, we examine this relationship and propose the OT impact chain to capture possible sequences of events resulting from an IT-side DoS attack. We then apply epidemic principles to explore the same dynamics using the proposed S-A-C model
Recommended from our members
Survey of Approaches and Features for the Identification of HTTP-Based Botnet Traffic
Botnet use is on the rise, with a growing number of botmasters now switching to the HTTP-based C&C infrastructure. This offers them more stealth by allowing them to blend in with benign web traffic. Several works have been carried out aimed at characterising or detecting HTTP-based bots, many of which use network communication features as identifiers of botnet behaviour. In this paper, we present a survey of these approaches and the network features they use in order to highlight how botnet traffic is currently differentiated from normal traffic. We classify papers by traffic types, and provide a breakdown of features by protocol. In doing so, we hope to highlight the relationships between features at the application, transport and network layers
Recommended from our members
Modelling smart grid IT-OT dependencies for DDoS impact propagation
The traditional power network has now evolved into the smart grid, where cyber technology enables automated control, greater efficiency, and improved stability. However, this integration of information technology exposes critical infrastructure to potential cyber-attacks. Furthermore, the interdependent nature of the grid’s composite information and operational technology networks means that vulnerability extends across interconnected devices and systems. Therefore, a DDoS (Distributed Denial-of-Service) attack, which is relatively easy to deploy but potentially highly disruptive, can be used strategically against the smart grid with particularly egregious results. In this paper, we take inspiration from epidemiological modelling to propose a compromise propagation model, alongside a behavioural DDoS model, to explore how dependencies between the grid’s networks might influence the scale and impact of DDoS attacks. We found that the internal connectedness of a network amplifies the received impact of failures in an external network on which it is dependent. Furthermore, testing showed that alongside attack force, attack duration influences recovery times, due to both the quantity of resources consumed and the time needed to accumulate recoveries. The models were validated against simulations conducted with cyber-security providers L7 Defense, showing our approach to be a viable companion or alternative to traditional graph-based dependency models