Please use this identifier to cite or link to this item:

Invasion of the Botnet Snatchers: A Case Study in Applied Malware Cyberdeception

File Size Format  
0184.pdf 409.96 kB Adobe PDF View/Open

Item Summary

Title:Invasion of the Botnet Snatchers: A Case Study in Applied Malware Cyberdeception
Authors:Chandler, Jared
Fisher, Kathleen
Chapman, Erin
Davis, Eric
Wick, Adam
Keywords:Cyber Deception for Defense
human-machine teaming
Date Issued:07 Jan 2020
Abstract:In this paper, we provide the initial steps towards a botnet deception mechanism, which we call 2face. 2face provides deception capabilities in both directions – upward, to the command and control (CnC) server, and downward, towards the botnet nodes – to provide administrators with the tools they need to discover and eradicate an infestation within their network without alerting the botnet owner that they have been discovered. The key to 2face is a set of mechanisms for rapidly reverse engineering the protocols used within a botnet. The resulting protocol descriptions can then be used with the 2face network deception tool to generate high-quality deceptive messaging, against the attacker. As context for our work, we show how 2face can be used to help reverse engineer and then generate deceptive traffic for the Mirai protocol. We also discuss how this work could be extended to address future threats.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cyber Deception for Defense

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons