Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers

Research Article

Botnet Triple-Channel Model: Towards Resilient and Efficient Bidirectional Communication Botnets

  • @INPROCEEDINGS{10.1007/978-3-319-04283-1_4,
        author={Cui Xiang and Fang Binxing and Shi Jinqiao and Liu Chaoge},
        title={Botnet Triple-Channel Model: Towards Resilient and Efficient Bidirectional Communication Botnets},
        proceedings={Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2014},
        month={6},
        keywords={Botnet C\&C BTM URL Flux Domain Flux Cloud Flux},
        doi={10.1007/978-3-319-04283-1_4}
    }
    
  • Cui Xiang
    Fang Binxing
    Shi Jinqiao
    Liu Chaoge
    Year: 2014
    Botnet Triple-Channel Model: Towards Resilient and Efficient Bidirectional Communication Botnets
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-04283-1_4
Cui Xiang (1, *), Fang Binxing, Shi Jinqiao (1), Liu Chaoge (1)
  • 1: Chinese Academy of Sciences
  • *: Contact email: cuixiang@ict.ac.cn

Abstract

Current research on future botnets mainly focuses on how to design a resilient command and control (C&C) channel. However, the data channel, which is generally vulnerable, inefficient, or even absent, has attracted little attention. In fact, most current botnets (even large-scale and well-known ones) contain either a resilient (and possibly efficient) unidirectional downlink C&C channel or a vulnerable bidirectional communication channel, making them either hard to monitor or easy to take down. To address this problem and equip a botnet with resilient and efficient bidirectional communication capability, in this paper we propose a communication channel division scheme and then establish a Botnet Triple-Channel Model (BTM). In a nutshell, BTM divides a traditional communication channel into three independent sub-channels, denoted as CDC, RC and DUC respectively. To demonstrate feasibility, we implement a BTM-based botnet prototype named RoemBot, which exploits URL Flux for CDC, Domain Flux for RC and Cloud Flux for DUC. We also evaluate the resilience and efficiency of RoemBot. Finally, we conclude that resilient and efficient bidirectional communication design represents a main direction of future botnets.