
Research On Command And Control Channel Of Botnet

Posted on: 2013-11-03
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Zhang
GTID: 2248330371966954
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of Internet technology and the expansion of its applications, the Internet has become an essential part of human life. Network security problems threaten not only people's property and personal privacy but also national security. As a common attack platform, a botnet is a powerful weapon that the botmaster can use to launch all kinds of network attacks. It is therefore very important to study how to eliminate the threat posed by botnets. Botnets can cause huge damage because of their command and control channel (C&C), with which the botmaster is able to gather discrete host resources into a great combined force and launch a variety of value-added attacks. Research on botnets should therefore focus on the C&C.

Research on C&C should not only cover botnet detection, botnet tracking and botnet measurement, but also pay more attention to C&C designs that may be used in the future. Predicting the techniques a botmaster may use can draw security researchers' attention to them.

From the attacker's point of view, the paper analyzes the various forms of attack that target botnet C&C. On this basis, the design objectives of a C&C are put forward, and a combined structured C&C consisting of a P2P structure and Domain Flux is proposed. The proposal overcomes the problem of a single point of failure during the bootstrap process. It can prevent hijacking by an unauthorized third party. Moreover, it can defend against Sybil attacks and routing table pollution. It also supports partial management of bots. Such a C&C design has high practical value and research value.

From the perspective of complex networks, a botnet can be viewed as an undirected graph in which the nodes represent compromised computers and the edges represent connections between zombies. This paper defines the robustness of a botnet as the probability that the botnet remains connected after a fraction of its zombies are removed. Simulation results show that even if 90% of the zombies in the proposed botnet are removed, more than 50% of the remaining zombies can remain connected. Meanwhile, even if 30% of the routing table entries are polluted, more than 96% of zombies have more than 6 credible entries in their routing table. The results also show that the high robustness of the proposed botnet does not depend on a large routing table.

The proposed botnet has considerable practical value. Many successful cases have shown that the combination of P2P and C-S structured C&C will be a developing trend. Carrying out research on the design of combined C&C ahead of time is of great significance for countering botnets. Finally, defense proposals on botnet detection, measurement, tracking and other aspects are discussed.
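The robustness measurement described in the abstract can be reproduced on a constructed overlay to see how the removed fraction and the routing-table size interact, which is the quantity a takedown effort has to estimate. This is an added example, not code from the thesis: the random peer-selection topology and the functions `build_overlay`, `largest_component_share` and `robustness` are assumptions, and the score is the share of surviving nodes in the largest connected component rather than the thesis's own simulation.

```python
import random
from collections import deque

def build_overlay(n, table_size, rng):
    """Constructed topology (assumption): each node stores `table_size`
    random peers in its routing table; every entry is an undirected edge."""
    adj = [set() for _ in range(n)]
    for node in range(n):
        picks = rng.sample(range(n), table_size + 1)
        peers = [p for p in picks if p != node][:table_size]
        for peer in peers:
            adj[node].add(peer)
            adj[peer].add(node)
    return adj

def largest_component_share(adj, alive):
    """Fraction of surviving nodes that sit in the largest connected component."""
    seen, best = set(), 0
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            node = queue.popleft()
            size += 1
            for peer in adj[node]:
                if peer in alive and peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
        best = max(best, size)
    return best / len(alive) if alive else 0.0

def robustness(n, table_size, removed_fraction, trials=5, seed=1):
    """Average connected share after removing a random fraction of nodes."""
    rng = random.Random(seed)
    shares = []
    for _ in range(trials):
        adj = build_overlay(n, table_size, rng)
        survivors = set(rng.sample(range(n), n - int(n * removed_fraction)))
        shares.append(largest_component_share(adj, survivors))
    return sum(shares) / trials

if __name__ == "__main__":
    # Constructed parameters: 2000 nodes, 90% removed, three routing-table sizes.
    for table_size in (3, 8, 20):
        print(table_size, round(robustness(2000, table_size, 0.9), 3))
```

On this constructed random overlay the connected share depends on the average number of surviving links per node, so the routing-table size matters here; the abstract's claim that robustness does not depend on a large table applies to the thesis's own structure, which this sketch does not model.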
Keywords/Search Tags: botnet, C&C, robustness, anti-Sybil, anti-routing-table-pollution