BlockchainBot: A Novel Botnet Infrastructure Enhanced by Blockchain Technology and IoT

Abstract

Although the traditional P2P botnet has significant resilience against termination, its dependence on neighbor lists (NL) has left it vulnerable to infiltration and destruction. In addition, it is not sufficient in protecting the botmaster’s identity. To overcome these weaknesses, we proposed BlockchainBot, a botnet model that leveraged IoT devices as maintainers, and integrated blockchain, also known as distributed ledger technology (DLT). The BlockchainBot was able to fully deploy bots on public blockchains. It was versatile for multiple botnet applications and eliminated the dependence on NL. In addition, we further introduced a novel method, the forking of a channel, to kick out spy nodes that infiltrate a botnet. To further enforce the resistance against a single point of failure (SPoF), we introduced bot-cluster dispersing to prevent clustering around full nodes and more evenly scatter bots to prevent hostile takeovers. The analysis of the security of BlockchainBot indicated that it had strong resilience against DDoS attacks, Sybil attacks, and forensic investigations. Furthermore, the security of the forking of the channel and bot-cluster dispersing were also shown to be effective. The robustness of the BlockchainBot against the Sybil attack was also briefly discussed. Experimental results authenticated the effectiveness and performance of the BlockchainBot, as compared to previous models.