Skip to main content
SpringerLink
Log in

Exploring Botnet Evolution via Multidimensional Models and Visualisation

  • Conference paper
  • First Online:
Security and Trust Management (STM 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10547))

Included in the following conference series:

Abstract

A botnet is a program designed to perform a specific task using multiple computers connected in a network. In this paper we will focus on botnets being used to distribute malicious programs. In the real world, botnets have been shown to exhibit more aggressive and sophisticated behaviour than traditional malware. Botnets are used to infect computer networks and hence their success depends on the properties of the networks. We observe the behaviour of mathematical models used to describe botnets when botnet parameters are varied to understand if such variation is beneficial to their spread. We also introduce novel models for depicting botnet behaviour using master equations. These models, unlike previous ones, address nodes of distinct categories in a network as a sequence of probability distributions rather than a value at each time interval. We also contribute visualisations for these models. This paper is a substantial expansion of unpublished work the first author performed while on a Nuffield student research placement, with the second author the project supervisor.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ajelli, M., Lo Cigno, R., Montresor, A.: Compartmental differential equation models of botnets and epidemic malware (extended version), University of Trento report T.R. DISI-10-011, 2–3, 9 (2010)

    Google Scholar 

  2. Anon: Internet Census 2012: Port Scanning/0 Using Insecure Embedded Devices (2013). (Carna Botnet) http://census2012.sourceforge.net/paper.html

  3. CAIDA Datasets. http://www.caida.org/research/security/#Datasets

  4. Dagon, D., Zou, C., Lee, W.K.: Modeling botnet propagation using time zones. In: Proceedings of the 13th NDSS, vol. 6, pp. 2–13 (2006)

    Google Scholar 

  5. Keeling, M.: Population Dynamics MA4E7, Warwick University, 50 (2004). http://homepages.warwick.ac.uk/~masfz/Pop_Dyn/Handouts.pdf

  6. Lin, M., Ongtang, M., Rao, V., Jaeger, T., McDaniel, P., La Porta, T., Traynor, P.: On cellular botnets: measuring the impact of malicious devices on a cellular network core. In: Proceedings of the 16th ACM Conference on Computer and communications Security, pp. 223–234 (2009)

    Google Scholar 

  7. Nordlohne, C.: Measuring Botnet Prevalence: Malice Value, preprint (2015). http://acdc-project.eu/wp-content/uploads/2015/05/malice-value2.pdf

  8. Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: My botnet is bigger than yours (Maybe, Better than Yours): why size estimates remain challenging. In: Proceedings of the 1st USENIX Workshop in Hot Topics in Understanding Botnets, April 2007

    Google Scholar 

  9. Rodionov, E., Matrosov, A.: The Evolution of TDL: Conquering x64, eSeT (2011). https://www.welivesecurity.com/media_files/white-papers/The_Evolution_of_TDL.pdf

  10. Rohloff, K., Başar, T.: Stochastic behavior of random constant scanning worms. In: Proceedings of the 14th International Conference in Computer Communications and Networks, pp. 339–334 (2005)

    Google Scholar 

  11. Rrushi, J., Mokhtari, E., Ghorbani, A.: Early stage botnet detection and containment via mathematical modeling and prediction of botnet propagation dynamics. University of New Brunswick Technical report TR10-206 (2010)

    Google Scholar 

  12. Song, L.P., Jin, Z., Sun, G.Q.: Modeling and analyzing of botnet interactions. Physica A 390, 347–358 (2011)

    Article  Google Scholar 

Download references

Acknowledgements

The authors acknowledge the kindness of the Nuffield Foundation for making this work possible, and the generous research support of Plymouth University.

Author information

Authors and Affiliations

  1. University of Bristol, Bristol, BS8 1TH, UK

    William Dash

  2. Centre for Mathematical Sciences, Plymouth University, Plymouth, PL4 8AA, UK

    Matthew J. Craven

Authors
  1. William Dash
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Matthew J. Craven
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Matthew J. Craven .

Editor information

Editors and Affiliations

  1. Università degli Studi di Milano, Crema, Italy

    Giovanni Livraga

  2. University of London, Egham, United Kingdom

    Chris Mitchell

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Dash, W., Craven, M.J. (2017). Exploring Botnet Evolution via Multidimensional Models and Visualisation. In: Livraga, G., Mitchell, C. (eds) Security and Trust Management. STM 2017. Lecture Notes in Computer Science(), vol 10547. Springer, Cham. https://doi.org/10.1007/978-3-319-68063-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68063-7_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68062-0

  • Online ISBN: 978-3-319-68063-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation