Abstract
The paper presents an analysis of cyber-threats, with particular emphasis on those resulting from botnet activity. Botnets are the most common type of threat and are often perceived as crucial in terms of national security. Their classification and methods of spreading are the basis for building a model of cyberspace that includes the presence of different types of cyber-threats. A well-designed cyberspace model makes it possible to construct an experimental environment for analyzing botnet characteristics, testing a botnet's resistance to various events, and simulating its spread and evolution. For this purpose, dedicated platforms whose capabilities and functional characteristics meet these requirements have been proposed.
Highlights
An analysis of historical data on cyber attacks [5] shows that in the majority of cases the sources of such attacks were botnets, i.e. networks of computers infected with malicious software that gives their creators a certain level of control over the infected devices [23]
Botnets with a mixed architecture are sometimes created. In this approach, a recently infected computer first contacts the Command and Control (C&C) servers to obtain a list of its "neighbors" and then switches to P2P communication
Analysis of incoming/outgoing traffic: this analysis is based mainly on network traffic monitoring via an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)
Summary
An analysis of historical data on cyber attacks [5] shows that in the majority of cases the sources of such attacks were botnets, i.e. networks of computers (zombies, bots) infected with malicious software (malware) that gives their creators a certain level of control over the infected devices [23]. The largest observed networks contained as many as several million infected computers. Such an army of bots allows a large number of attacks to be carried out without the knowledge of the users. In the centralized model, all infected computers communicate with the Command and Control (C&C) servers. In the decentralized, peer-to-peer (P2P) model, the botnet has a distributed structure in which every zombie computer may play the role of the management server. In the P2P architecture it is enough for the botmaster to have access to any single zombie computer: each bot holds a list of "neighboring" devices and, once it receives a message, resends it to those "neighbors", so that every zombie computer may act as the management center.
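As an added example (not code from the paper), the following Python model reproduces the mixed architecture described in the highlight above and in this summary: a freshly infected host bootstraps through a C&C server to obtain its "neighbors" list, after which commands spread purely peer-to-peer by gossip, each bot forwarding a message it has not seen before to its neighbors. The bot identifiers, the neighbor-list size, the fixed random seed and the takedown scenario are assumptions made for the example; the model lets one measure how much of the botnet a command still reaches after part of it is removed, the kind of resistance test the abstract refers to.

```python
from collections import deque
import random


class HybridBotnet:
    """Toy model of a mixed-architecture botnet (assumed structure, not the paper's).

    New bots bootstrap through a C&C server that hands out a "neighbors" list;
    afterwards commands spread purely peer-to-peer by gossip.
    """

    def __init__(self, seed=0):
        self.rng = random.Random(seed)      # fixed seed: reproducible overlay
        self.neighbors = {}                 # bot id -> set of peer ids
        self.received = {}                  # bot id -> set of command ids already seen
        self.cnc_online = True              # the C&C is only needed for bootstrap

    def bootstrap(self, bot_id, peers_per_bot=3):
        """A freshly infected host asks the C&C for peers, then joins the overlay.

        Returns False if the C&C is unreachable (the bot never joins) or the
        bot is already known.
        """
        if not self.cnc_online or bot_id in self.neighbors:
            return False
        candidates = list(self.neighbors)
        peers = set(self.rng.sample(candidates, min(peers_per_bot, len(candidates))))
        self.neighbors[bot_id] = peers
        self.received[bot_id] = set()
        for peer in peers:
            self.neighbors[peer].add(bot_id)   # links are bidirectional
        return True

    def takedown(self, bot_ids):
        """Remove bots (cleaned hosts, sinkholed peers) from the overlay."""
        for bot in bot_ids:
            for peer in self.neighbors.pop(bot, set()):
                self.neighbors[peer].discard(bot)
            self.received.pop(bot, None)

    def propagate(self, origin, command_id):
        """Gossip a command from the one bot the botmaster has access to.

        A bot forwards a command it has not seen before to all its neighbors;
        the per-bot 'received' set stops endless re-flooding.
        Returns {bot_id: hop count at which the command arrived}.
        """
        if origin not in self.neighbors:
            return {}
        hops = {origin: 0}
        self.received[origin].add(command_id)
        queue = deque([origin])
        while queue:
            bot = queue.popleft()
            for peer in self.neighbors[bot]:
                if command_id in self.received[peer]:
                    continue                      # already seen: do not forward again
                self.received[peer].add(command_id)
                hops[peer] = hops[bot] + 1
                queue.append(peer)
        return hops


def build_botnet(n_bots, peers_per_bot=3, seed=0):
    """Infect n_bots hosts one after another; each bootstraps via the C&C."""
    net = HybridBotnet(seed)
    for i in range(n_bots):
        net.bootstrap(f"bot{i}", peers_per_bot)   # bot ids are constructed sample data
    return net


def coverage(net, origin, command_id):
    """Fraction of live bots that a command issued at `origin` reaches."""
    alive = len(net.neighbors)
    return len(net.propagate(origin, command_id)) / alive if alive else 0.0


if __name__ == "__main__":
    net = build_botnet(50)
    print("intact overlay:", coverage(net, "bot7", "cmd-1"))
    net.takedown([f"bot{i}" for i in range(0, 50, 2)])   # take down every second bot
    print("after takedown:", coverage(net, "bot7", "cmd-2"))
    net.cnc_online = False
    print("new bot joins without C&C:", net.bootstrap("bot99"))
```

The model makes the two halves of the architecture visible separately: taking the C&C offline stops new bots from joining but does not stop commands from circulating among bots already in the overlay, whereas removing bots only lowers coverage as far as it fragments the neighbor graph.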