Research Article
Understanding Adversarial Strategies from Bot Recruitment to Scheduling
@INPROCEEDINGS{10.1007/978-3-319-78813-5_20, author={Wentao Chang and Aziz Mohaisen and An Wang and Songqing Chen}, title={Understanding Adversarial Strategies from Bot Recruitment to Scheduling}, proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings}, proceedings_a={SECURECOMM}, year={2018}, month={4}, keywords={Distributed denial of service Botnets Behavioral analysis}, doi={10.1007/978-3-319-78813-5_20} }- Wentao Chang
Aziz Mohaisen
An Wang
Songqing Chen
Year: 2018
Understanding Adversarial Strategies from Bot Recruitment to Scheduling
SECURECOMM
Springer
DOI: 10.1007/978-3-319-78813-5_20
Abstract
Today botnets are still one of the most prevalent and devastating attacking platforms that cyber criminals rely on to launch large scale Internet attacks. Botmasters behind the scenes are becoming more agile and discreet, and some new and sophisticated strategies are adopted to recruit bots and schedule their activities to evade detection more effectively. In this paper, we conduct a measurement study of 23 active botnet families to uncover some new botmaster strategies based on an operational dataset collected over a period of seven months. Our analysis shows that different from the common perception that bots are randomly recruited in a best-effort manner, bots recruitment has strong geographical and organizational locality, offering defenses a direction and priority when attempting to shut down these botnets. Furthermore, our study to measure dynamics of botnet activity reveals that botmasters start to deliberately schedule their bots to hibernate and alternate in attacks so that the detection window becomes smaller and smaller.