Presented at Black Hat Europe 2017, Dec. 6, 2017, 5 p.m. (30 minutes).
Defending against botnets has always been a cat-and-mouse game. Cyber-security researchers and government agencies play the role of the cat, attempting to detect and take down botnets. In this context, a lot of work has gone into reverse engineering particular variants of malware families and into understanding botnet network protocols in order to identify their weaknesses (if any) and exploit them. While this is necessary, such an approach lets botmasters quickly counteract the defenders by making only small changes to their arsenals.
We take a different approach: we assume the role of the botmaster in order to anticipate his behavior. In this presentation, we present a novel computational trust mechanism for fully distributed botnets that allows resilient and stealthy management of the infected machines (zombies). We draw on the well-researched area of computational trust to create an autonomous mechanism that avoids common botnet tracking mechanisms such as sensors and crawlers. In our futuristic botnet, zombies are both smart and cautious. They are cautious in the sense that they are careful about whom they communicate with. Moreover, they are smart enough to learn from their experiences and infer whether their fellow zombies are indeed who they claim to be and not government agencies' spies. We study different computational trust models, mainly based on Bayesian inference, to evaluate their advantages and disadvantages in the context of a distributed botnet. Furthermore, we show, via our experimental results, that our approach is significantly stronger than any technique that has been seen in botnets to date. Finally, we step out of the adversarial perspective and touch on the topic of countermeasures against our own approach.
Presenters:
- Emmanouil Vasilomanolakis (Dr., Technische Universität Darmstadt)
Emmanouil Vasilomanolakis is a senior researcher (post-doc) at Technische Universität Darmstadt. His research interests include collaborative intrusion detection, honeypots, botnet monitoring and alert data correlation. He received a PhD (Dr. rer. nat.) from the Technische Universität Darmstadt in 2016 for his dissertation "On Collaborative Intrusion Detection". Before that, he received his diploma (Dipl.-Inform.) and MSc from the University of the Aegean (Greece) in 2008 and 2011 respectively. His master's thesis, in the area of honeypots, was conducted in cooperation with the National Center of Scientific Research "Demokritos". Lastly, he worked as a researcher for AGT International in the field of IoT security from 2014 to 2015.
- Jan Helge Wolf (Mr., Technische Universität Darmstadt)
Jan Helge Wolf is a Master's student at the Technical University of Darmstadt. His research interests center around cybercrime, darknet markets, and the intersection of (offensive) information security and business in general. After obtaining his B.Sc. in Information Systems at the University of Münster, Germany, Jan is currently pursuing his M.Sc. in Security & Privacy at the EIT Digital Master School. Within this program, he has spent one year at the University of Trento, Italy, and he is currently writing his final thesis on trust management in P2P botnets.
- Leon Böck (Mr., Technische Universität Darmstadt)
Leon Böck is an IT Security master's student at the Technical University of Darmstadt. His research interests are focused on P2P botnets, privacy and network security. He received his B.Sc. in computer science from TU Darmstadt in 2016 with a bachelor's thesis on the topic "Advanced P2P Botnet Monitoring via Intelligent Sensor Injection". Continuing his research on P2P botnets, he is currently writing his master's thesis on the topic "On the efficiency of P2P botnet monitoring strategies".
- Max Mühlhäuser (Prof. Dr., Technische Universität Darmstadt)
Prof. Dr. Max Mühlhäuser is head of the Telecooperation Lab and Dean of Computer Science at Technische Universität Darmstadt. He leads the Doctoral School on "Privacy and Trust for Mobile Users", acts as deputy speaker of the CRC on the Future Internet, and is a PI at the CRISP research center and at the collaborative research center (CRC) on Cryptography-Based Security Solutions. Together with about 35 team members, he conducts research in the following three domains of computer science. (1) Cybersecurity, Privacy and Trust, e.g., assessment measures for IT security and QoS scenarios based on computational trust, privacy for mobile and for smart meter networks, and damage/attack resilience for critical infrastructures. (2) Computer Networks and Distributed Systems, e.g., new methods for sensor, event and media networks, in-network processing in software-defined networks (SDN), and intelligent environments at personal to city scale. (3) Human-Computer Interaction, e.g., novel interaction concepts for 3D-printed personalized devices, immersive and on-body interaction, novel augmented and mobile interaction technology, and electronic tables and walls. Following his PhD in Karlsruhe in 1986, Prof. Mühlhäuser founded and headed an industrial research center. He has worked as professor or visiting professor at universities in Germany, the US, Canada, Australia, France, and Austria. He has published more than 400 articles, books and book chapters. In 2012 he was appointed Adjunct Professor at QUT Brisbane, and since 2015 he has been a member of acatech, the German Academy of the Technical Sciences.
- Shankar Karuppayah (Dr., Universiti Sains Malaysia)
Shankar Karuppayah has been a Senior Lecturer at the National Advanced IPv6 Centre, Universiti Sains Malaysia since June 2016. Previously, he was attached to the Center for Advanced Security Research Darmstadt (CASED) / TU Darmstadt, Germany (2012-16), where he also obtained his PhD. Shankar received his M.Sc. (Software Systems Engineering) from a collaboration programme between RWTH Aachen, Germany and KMUTNB, Thailand in 2011 and his B.Sc. (Computer Sciences) from Universiti Sains Malaysia in 2009. His research interests encompass the Internet of Things (IoT), IT and network security, network monitoring, and botnets.