Botconf Author Listing

To this date P2P overlays remain a popular choice for botnet command and control. With the rise of recent IoT botnets, we aimed to monitor multiple IoT P2P botnets at the same time, to compare them against each other and traditional Windows based P2P botnets. During this process we came across several challenges and insights in scaling and maintaining multiple monitoring operations simultaneously. In this talk we want to share our insights and introduce the Botnet Monitoring System, a tool to reduce redundancy and enable collaboration for P2P botnet monitoring.

Conducting botnet research is oftentimes limited to the anal-ysis of active botnets. This prevents researchers from testing detectionand tracking mechanisms on potential future threats. Specifically in thedomain of P2P botnets, the configuration parameters, network churnand anti-tracking mechanisms greatly impact the success of monitoringoperations. As developing and deploying botnets for testing is not pos-sible at scale, this paper attempts to address this issue by introducinga simulation framework for P2P botnets. The capabilities of this frame-work include the simulation of P2P botnets with more than 10,000 bots,realistic churn behaviors and implementation of common P2P botnetmonitoring mechanisms. Furthermore, BSF allows the possibility of thesimulated traffic to be injected into arbitrary network files (i.e. PCAP)using the Intrusion Detection Dataset Toolkit (ID2T).