A Firewall-Based Approach for Botnet Mitigation

Posted on: 2014-09-08 | Degree: Ph.D | Type: Dissertation
University: Carleton University (Canada) | Candidate: Mahmoud, Muhammad Yahya | Full Text: PDF
GTID: 1454390008961115 | Subject: Engineering
Abstract/Summary:
Botnets are one of the most serious threats to Internet security. They use common protocols to communicate their command and control (C&C) messages. This research presents a novel firewall approach to mitigate the effect of botnets by disrupting their C&C communications. The proposed approach is based on a simple concept that is distributed and does not require any infrastructure changes. It is capable of protecting the network from new, unknown botnets because it disrupts the botnet's C&C communication instead of trying to detect the botnet. It does so by ensuring that the user is aware of any communication from an unknown application. Thus, it disrupts the botmaster's communication with its bots. Moreover, we provided the first evidence that the context in which warning messages are displayed does not affect user decisions but that the content of the warning message does have an impact. We also show that users understood the need for such warning messages and wanted to be involved in the decision-making process as long as they were not interrupted too frequently. As simulation results demonstrate the concept of this research, our firewall system could help mitigate the effect of botnets' zero-day attacks.
Keywords/Search Tags: Approach