Listening to botnet communication channels to protect information systems

Authors

Brian Cusack, Auckland University of TechnologyFollow
Sultan Almutairi, Auckland University of TechnologyFollow

Document Type

Conference Proceeding

Abstract

Botnets are a weapon of choice for people who wish to exploit information systems for economic advantage. A large percentage of high value commercial targets such as banking transaction systems and human customers are web connected so that access is gained through Internet services. A Botnet is designed to maximise the possibility of an economic success through the low cost of attacks and the high number that may be attempted in any small time unit. In this paper we report exploratory research into the communications of Botnets. The research question was: How do Botnets talk with the command and control channels? The research method is to catch binaries in a low interaction honey pot and then to provide a secure test bed in which the binaries can demonstrate the actions of malicious activity. One of the actions performed by a binary is communication with the Bot master and this action is the focus of our study. We also provide a feedback loop in which suggestions are made to protect an Information System and the users.

Comments

12^th Australian Digital Forensics Conference. Held on the 1-3 December, 2014 at Edith Cowan University, Joondalup Campus, Perth, Western Australia.

DOI

10.4225/75/57b3df16fb87b