Comprehensive Analysis of Botnets and Associated Cyber Crimes

Verified

Added on 2022/08/20

AI Summary

This report provides a comprehensive overview of botnets and their associated cybercrimes. It begins with an introduction to botnets, defining them as networks of compromised devices controlled remotely by a botmaster. The report then delves into the characteristics of botnets, including their malicious activities such as DDoS attacks, spamming, and theft of personal information. It explores the botnet lifecycle, covering infection, propagation, command and control mechanisms, and abandonment. Different command and control (C&C) mechanisms, protocols (IRC, P2P, HTTP), and detection methods (host-based, network-based, signature-based, anomaly-based) are discussed. The report also addresses the current challenges in botnet detection, including evolving techniques and environments, and feature extraction methods. It concludes with an examination of current studies and related work in the field, providing a valuable resource for understanding the complexities of botnets and their impact on cybersecurity.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: Botnets Cyber Crimes 1
BOTNETS S CYBERCRIMES
[Student name]
[University name]
Research on the Botnets s Cybercrimes

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

2Botnets Cyber Crimes
Table of Contents
1 CHAPTER TWO LITERATURE REVIEW...................................................................................................4
1.1 INTRODUCTION............................................................................................................................4
1.2 CHARACTERISTICS OF BOTNETS ..................................................................................................4
1.2.1 What a bot and a Botnets ?.................................................................................................4
1.2.2 Botnets s Malicious Activities...............................................................................................4
1.2.2.1 DDOS................................................................................................................................4
1.2.2.2 Spamming........................................................................................................................4
1.2.2.3 Thieving Personal Information.........................................................................................4
1.2.2.4 Illegal Hosting, Sale or Rent Services................................................................................4
1.2.2.5 Click Fraud and Adware...................................................................................................4
1.3 Botnets Lifecycle.........................................................................................................................4
1.3.1 Infection and Propagation...................................................................................................4
1.3.2 Rallying................................................................................................................................4
1.3.3 Commands and Reports.......................................................................................................4
1.3.4 Abandon..............................................................................................................................4
1.3.5 Securing the Botnets ...........................................................................................................4
1.4 Command and Control (C&C) Mechanism...................................................................................5
1.4.1 Centralised C&C...................................................................................................................5
1.4.2 Decentralised C&C...............................................................................................................5
1.4.3 Hybrid C&C...........................................................................................................................5
1.5 Botnets protocols........................................................................................................................5
1.5.1 IRC-Based Botnets ...............................................................................................................5
1.5.2 P2P Botnets .........................................................................................................................5
1.5.3 HTTP-Based Botnets ............................................................................................................5
1.6 BOTNETS DETECTION..................................................................................................................5
1.6.1 Host-Based...........................................................................................................................5
1.6.2 Network-Based....................................................................................................................5
1.6.3 Signature-based Detection..................................................................................................5
1.6.4 Anomaly-based Detection....................................................................................................5
1.6.4.1 Detection by DNS Traffic Monitoring...............................................................................5
1.6.4.2 Behavioural Analysis Detection........................................................................................5

3Botnets Cyber Crimes
1.6.4.3 Attack Behaviour Analysis................................................................................................5
1.6.4.4 Operational Behaviour Analysis.......................................................................................5
1.7 CURRENT CHALLENGES of Botnets Detection.............................................................................5
1.7.1 General Botnets Detection Challenges................................................................................5
1.7.2 Changing Techniques and Environments.............................................................................5
1.7.3 Small-Scale and Single Bot Detection...................................................................................5
1.7.4 Botnets Response, Prevention and Mitigation....................................................................5
1.8 Feature Extraction in Botnets Detection.....................................................................................6
1.8.1 Source and Destination IP addresses...................................................................................6
1.8.2 Source and Destination port................................................................................................6
1.8.3 Protocol...............................................................................................................................6
1.8.4 Duration and Periodicity......................................................................................................6
1.8.5 Flow size features................................................................................................................6
1.8.6 Number of Transferred Packets...........................................................................................6
1.9 Current Studies on Botnets Detection........................................................................................6
1.9.1 IRC-based Botnets Detection..............................................................................................6
1.9.2 HTTP-based Botnets Detection...........................................................................................6
1.9.3 P2P-based Botnets Detection.............................................................................................6
1.10 Related Work...............................................................................................................................6
1.11 Conclusion...................................................................................................................................6
1.12 Reference.....................................................................................................................................7

4Botnets Cyber Crimes
1 CHAPTER TWO LITERATURE REVIEW
1.1 INTRODUCTION
There had been involution in the information technology security issues where Botnets s is one
of the security challenges in the latest days however the Botnets s had been involving form the
single computer to complicated and distributed network systems. The Botnets s in the past was
used for some destructive purposes in the late 1990s and later were used for some of the
constructive purposes which include the maintenance of the controls of the ITC channel.
According to the research it is found that the Botnets were used by the hackers who were based
in Oregon states of United States of America. During that period the Botnets s were being
controlled in order to initiate an intentional DDoS (Distributed Denial of Service) attacks on the
e-bay website.
The peer to peer Botnets s was invented in year 2004 and from then the Botnets s HAD BEEN
USED for some destruction purposes for instance in year 2005 a new Botnets s virus called
ZOTOB was used to start the DDos attacks on various major U.S. Company’s websites.
More over there are various proves documented in the field of the Botnets s attack where Kraken
Botnets s attacks happened to more than 50 companies of the fortune 500 companies back year
2008 which were studied in the research field.
Apart from the above Botnets s cases described above there had been various instances where
there had been theft of money and leaking of information which had been achieved through the
use of the Botnets s viruses.
Currently there is the automated Botnets s which are one of the major threats where they keep on
sending messages to some individuals where there are no executed commands or controls since
they are self-automated
As a result of the increase in the level of the internet connectivity unlike in the past has highly
facilitated the increase in the incidences of the online attacks. At this time the internet access is
one of the major needs to each person and currently the technology had evolved to cloud
computing where the various users are able to store and access their major data through the cloud
services provided by some cloud services vendors.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5Botnets Cyber Crimes
The cloud computing represents the globally enabled, favorably, on demand network
accessibility to the public, private and hybrid shared pool of computing resources which
includes store, service, servers, network, and applications.
In some cases these types of services tend to be provided with just minimal management efforts
and at a fast passé.
The various internet connection devices are highly under the threats of some internet attacks that
are mainly performed and executed using the computer malicious software applications
These clouds servers are easily accessed via the internet access and thus high use of the cloud
computing had resulted to increase of possible cyber attacks.
Among the cyber attacks is the Botnets s which is among the supreme dangerous threats linked
to the cyber securities.
The Botnets s is made of combined two terms, the Bot that means the Robot and the Nets that
means the Network, therefore a group of devices that are compromised, infected and are internet
connected is referred to as Botnets and the Botnets is controlled by a person who is given a
name Botmaster or the Botherder.
This Botmaster is able to control these infected computer devices in a remote location using the
commands and controlling servers.
The Botnets s are able to provide one-to-many relationships mechanisms which occur between
commands, controlling server and bots, and that is the reason why the botmaster use Botnets s to
do the advertisements, cyber attacks and malicious access.
In the process of the Botnets s attack in case the computing devices get infected with malicious
codes, it becomes the part of a Botnets s, where it starts working as a botmaster device without
any knowledge of the end users.
Therefore the Botnets are able to propagate themselves over the time through the compromising
of various devices which ranges from the mobile phone, laptop, desktop computer and various
servers.
Therefore the various cyber attacks that are found in the internet of late, the users got affected by
those attacks are propagated via Botnets s.
Therefore the Botmasters are able to carry out various types of cybercrimes which includes the
DDoS, clicks frauds, phishing frauds, key loggings, bit coin frauds, spamming, sniffing traffics,
spread of new malware, and Google Ad Sense abuses using bots.

6Botnets Cyber Crimes
These days the Botnets s had been the major bases of the various cybercrimes that are propagated
through the use of the internet connection where the Botmaster uses various ways to infect the
user’s devices and make it bot(zombie) which includes the use of downloads , emails and
pirated software applications which are main mode of the botmaster attacks.
The previous conducted research had identified various detection approaches which can be
either online or offline Botnets detections, and major concern currently is the identification of the
real time detections.
There are various existing Botnets s detections techniques which are categorized into two major
groups which includes the Honeynets Based Detections Technique and Intrusions Detection
Systems.
The various researchers had been focusing on the cyber security in order to be able to detect
Botnets s attacks and preventing clouds servers from the Botnets s attack.
In this paper there is the coverage of literature reviews, Botnets lifecycle, characteristics of
Botnets, command and control (c&c) mechanism, Botnets protocols, Botnets detection, current
challenges of Botnets detection, feature extraction in Botnets detection, current studies on
Botnets detection, related work and conclusion.
1.1.1 History of Botnets and their Evolution over time:
These days the Botnets are the major tools that are used for the various cyber attacks that as a
result lead to major threats to the various organization’s properties and the networking assets ,
therefore the Botnets is a wide spread platforms of the malicious attacks.
The bots are used in carrying out the wide varieties of malicious actions against computer
systems and services. Therefore the Botnets or bot network is made of a large number of
compromised computers that are infected with malicious codes. Bots, botmasters, commands and
control channels make the entire botnet structures as discussed here below.
 Bots: This term Bot originated from the term ROBOT that is also referred to as the
Zombie. This is a type of installed malware into compromised computers systems unlike
the other types of malware like the virus and worm that mainly focuses on attack of
infecting hosts. The Bots mainly receives the various commands form the Botsmaster and
they are used in the types of distributed attacks platforms.
 Botsmasters: The other name of Botsmaster is Botherder which means the person that
manage remote Bots and Botnets.

7Botnets Cyber Crimes
 Command and control channel (C&C): The Botnets make use of the various commands
and controls channels that controls the Botnets. The Commands and controls
infrastructures are the major and most important parts of a Botnets. In order to ensure
there is efficient operation of the Botnets the Bots requires to maintain a stabilized
connections within the infrastructures more over the C&C servers are the controlling
center and it is given tasks of performing the coordinated tasks and attacks.
The C&C traffics are hidden behind normal web traffics in order to evade the mechanism
of detections. To classify the flows of network during normal C&C operations of botnets
the J48 is used since it is considered as the major algorithm that can be used to do
classification.
The Botnets had been evolving over a long period of time in order to imitate the various types of
topographical structures which include HTTP, P2P among other. However the Botnets related to
the mobile networks acts as the collections of the compromised nodes due to various malware of
mobiles and thus are able to perform coordinated attacks in an effective manner.
The Botnets has propagated at faster rates of the quadratic growths in sizes and this becomes
quite slow in comparison to the exponential growth of internet Botnets.
The mobiles Botnets compromise the vulnerable nodes through sending of the malware through
a centralized infrastructure.
The mobile Botnets sizes keeps on increasing over a period of time and thus is able to offer
various services to the botsmaster which includes the following:
 Robust networks connection.
 Individual encryptions and dispersions of controlling traffics.
 Limited exposure of Botnets by every bot.
 Ease in monitoring and recovering by its Botmaster.
The difference between Botnets and the other types of malware types is the existence of C&C
infrastructures, however the Bots are used in the search engines in order to spider online websites
contents and online games in order to virtual types of opponents.
1.1.1.1 Evolution of Botnet:
The below is the figure illustrating the evalotion of the Botnet which was created first in year
1988 by Jarkko Oikarinen in Finland and since then more features an functionalities had beed
added over many years as illustrated in the figure here below.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8Botnets Cyber Crimes
Figure 1: Time line of Botnets evolution
1.2 CHARACTERISTICS OF BOTNETS
1.2.1 What a bot and a Botnets?
The Botnets are made of combination of two names the Bot and Net.
The Bot that means the Robot and the Nets that means the Network.
The Botnets therefore refers to a group of devices that are compromised, infected and are internet
connected and they are controlled by a person who is given a name Botmaster or the Botherder.
This Botmaster is able to control these infected computer devices in a remote location using the
commands and controlling servers.
1.2.2 Botnets s Malicious Activities
1.2.2.1 DDOS
1.2.2.2 Spamming
1.2.2.3 Thieving Personal Information
1.2.2.4 Illegal Hosting, Sale or Rent Services
1.2.2.5 Click Fraud and Adware

9Botnets Cyber Crimes
1.3 Botnets Lifecycle
1.3.1 Infection and Propagation
1.3.2 Rallying
1.3.3 Commands and Reports
1.3.4 Abandon
1.3.5 Securing the Botnets
1.4 Command and Control (C&C) Mechanism
1.4.1 Centralised C&C
1.4.2 Decentralised C&C
1.4.3 Hybrid C&C
1.5 Botnets protocols
1.5.1 IRC-Based Botnets
1.5.2 P2P Botnets
1.5.3 HTTP-Based Botnets
1.6 BOTNETS DETECTION
1.6.1 Host-Based
1.6.2 Network-Based
1.6.3 Signature-based Detection
1.6.4 Anomaly-based Detection
1.6.4.1 Detection by DNS Traffic Monitoring
1.6.4.2 Behavioural Analysis Detection
1.6.4.3 Attack Behaviour Analysis
1.6.4.4 Operational Behaviour Analysis

10Botnets Cyber Crimes
1.7 CURRENT CHALLENGES of Botnets Detection
1.7.1 General Botnets Detection Challenges
1.7.2 Changing Techniques and Environments
1.7.3 Small-Scale and Single Bot Detection
1.7.4 Botnets Response, Prevention and Mitigation
1.8 Feature Extraction in Botnets Detection
For this section, you can get help from the paper with title (Towards Effective Feature Selection in
Machine Learning-Based Botnets Detection Approaches) that I already sent it.
1.8.1 Source and Destination IP addresses
1.8.2 Source and Destination port
1.8.3 Protocol
1.8.4 Duration and Periodicity
1.8.5 Flow size features
1.8.6 Number of Transferred Packets
1.9 Current Studies on Botnets Detection
1.9.1 IRC-based Botnets Detection
1.9.2 HTTP-based Botnets Detection
1.9.3 P2P-based Botnets Detection
1.10 Related Work
Already sent the papers that I used to compare my work with. You can use them for this part.
1.11 Conclusion

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

11Botnets Cyber Crimes
1.12 Reference
[1] L. Jae-Seo, J. HyunCheol, P. Jun-Hyung, K. Minsoo, and N. Bong-Nam, "The Activity
Analysis of Malicious HTTP-Based Botnets s Using Degree of Periodic Repeatability," in

12Botnets Cyber Crimes
Proceedings of the International Conference on Security Technology (SECTECH), 2016, pp. 83-
86.
[2] M. La Polla, F. Martinelli, and D. Sgandurra, "A Survey on Security forMobile Devices,"
IEEE Communications Surveys & Tutorials, 2017, doi:10.1109/SURV.2012.013012.00028
[3] L. Chao, J. Wei, and Z. Xin, "Botnets : Survey and Case Study," in Proceedings of the Fourth
International Conference on Innovative Computing, Information and Control (ICICIC), 2015, pp.
1184-1187.
[4] C. Schiller, J. Binkley, D. Harley, G. Evron, T. Bradley, C. Willems, and M. Cross, Botnets
s: The Killer Web Application, 1st ed. Syngress, 2017.
[5] N. Hachem, Y. Ben Mustapha, G. G. Granadillo, and H. Debar,"Botnets s: Lifecycle and
Taxonomy," in Proceedings of the Conference on Network and Information Systems Security
(SAR-SSI), 2016, pp. 1-8.
[6] M. Bailey, E. Cooke, F. Jahanian, X. Yunjing, and M. Karir, "A Surveyof Botnets
Technology and Defenses," in Proceedings of the Cybersecurity Applications & Technology
Conference for Homeland Security (CATCH), 2015, pp. 299-304.
[7] J. Govil, "Examining the Criminology of Bot Zoo," in Proceedings of the 6th International
Conference on Information, Communications & Signal Processing, 2016, pp. 1-6.