Invasion of the Botnet Snatchers: A Case Study in Applied Malware Cyberdeception

Date
2020-01-07
Authors
Chandler, Jared
Fisher, Kathleen
Chapman, Erin
Davis, Eric
Wick, Adam
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
In this paper, we provide the initial steps towards a botnet deception mechanism, which we call 2face. 2face provides deception capabilities in both directions – upward, to the command and control (CnC) server, and downward, towards the botnet nodes – to provide administrators with the tools they need to discover and eradicate an infestation within their network without alerting the botnet owner that they have been discovered. The key to 2face is a set of mechanisms for rapidly reverse engineering the protocols used within a botnet. The resulting protocol descriptions can then be used with the 2face network deception tool to generate high-quality deceptive messaging, against the attacker. As context for our work, we show how 2face can be used to help reverse engineer and then generate deceptive traffic for the Mirai protocol. We also discuss how this work could be extended to address future threats.
Description
Keywords
Cyber Deception for Defense, botnets, cybersecurity, deception, human-machine teaming
Citation
Rights
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.