12 result(s) for "botnet defense system"
Botnet Defense System: Observability, Controllability, and Basic Command and Control Strategy
This paper deals with the observability, controllability, and command and control strategy in the Botnet Defense System (BDS) that disinfects malicious botnets with white-hat botnets. The BDS defends an IoT system built over the Internet. The Internet is characterized by openness, but not all nodes are observable and controllable. We incorporated the concept of observability and controllability into the BDS design and theoretically clarified that the BDS can enhance its observability and controllability by utilizing its white-hat botnets. In addition, we proposed a Withdrawal strategy as a basic strategy to command and control white-hat botnets. Then, we modeled the BDS, adopted the Withdrawal strategy with agent-oriented Petri net PN2 and confirmed the effect through the simulation of the model. The result shows that even if considering observability and controllability, the BDS wiped out the malicious bots and reduced the white-hat bots to less than 1% as long as the white-hat worms were sufficiently infectious.
Diffusion of White-Hat Botnet Using Lifespan with Controllable Ripple Effect for Malware Removal in IoT Networks
Self-propagating malware has been infecting thousands of IoT devices and causing security breaches worldwide. Mitigating and cleaning self-propagating malware is important but challenging because it propagates unpredictably. White-hat botnets have been used to combat self-propagating malware with the concept of fighting fire with fire. However, white-hat botnets can also overpopulate and consume the resources of IoT devices. Later, lifespan was introduced as a self-destruct measure to restrain white-hat botnets' overpopulation, but it was unable to change based on real-time situations. This paper proposes a method for diffusing white-hat botnets by controlling lifespan. The main contribution of this paper is that the method uses a dynamic lifespan that increases and decreases based on the congregation's situation of the self-propagating malware and white-hat botnets. The method tackles the problem of overpopulation of white-hat botnets since they can self-propagate by controlling the ripple effect that widens the white-hat botnet's diffusion area but suppresses the number of white-hat botnets to achieve a 'zero-botnet' situation. The effectiveness in reducing the overpopulation rate was confirmed. The experiment result showed that the ripple effect could reduce the number of white-hat botnets in the network by around 80%, depending on different control parameters.
Immune-Based Botnet Defense System: Multi-Layered Defense and Immune Memory
This paper proposes a novel defense mechanism inspired by the bioimmune response to effectively eliminate botnets that repeatedly infect IoT networks and describes the development of an Immune-Based Botnet Defense System (iBDS), incorporating this mechanism. Focusing on the roles of antibodies and phagocytes in the immune response, the iBDS implements a multi-layered defense using two types of worms: antibody worms and phagocyte worms. When a malicious botnet infects a network, the resident phagocyte worms immediately infect and eliminate the bots and prevent the infection from spreading in its early stages. This provides an immediate response in a similar way to innate immunity. On the other hand, if a malicious botnet infects the network and the phagocyte worms are unable to infect the bots, the antibody worms, instead, infect the bots and change their vulnerabilities to help the phagocyte worms infect and eliminate them. This provides an adaptive response in a similar way to acquired immunity. In addition, when the same botnet is repeatedly infected, more antibody worms are used to produce a stronger response, similar to immune memory. The introduction of multi-layered defense and immune memory is an important novelty of this paper that is not found in traditional botnet defense system research. The experimental results from simulations and prototype implementations show that iBDS can effectively eliminate botnets that repeatedly infect IoT networks.
Implementation of White-Hat Worms Using Mirai Source Code and Its Optimization through Parameter Tuning
Mirai, an IoT malware that emerged in 2016, has been used for large-scale DDoS attacks. The Mirai source code is publicly available and continues to be a threat with a variety of variants still in existence. In this paper, we propose an implementation system for malicious and white-hat worms created using the Mirai source code, as well as a general and detailed implementation method for white-hat worms that is not limited to the Mirai source code. The white-hat worms have the function of a secondary infection, in which the white-hat worm disinfects the malicious worm by infecting devices already infected by the malicious worm, and two parameters, the values of which can be changed to modify the rate at which the white-hat worms can spread their infection. The values of the parameters of the best white-hat worm for disinfection of the malicious botnet and the impact of the value of each parameter on the disinfection of the malicious botnet were analyzed in detail. The analysis revealed that for a white-hat worm to disinfect a malicious botnet, it must be able to infect at least 80% of all devices and maintain that situation for at least 300 s. Then, by tuning and optimizing the values of the white-hat worm’s parameters, we were able to successfully eliminate the malicious botnet, demonstrating the effectiveness of the white-hat botnet’s function of eliminating the malicious botnet.
Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms: Issues, Challenges, and Future Research Directions
The demand for Internet security has escalated in the last two decades because the rapid proliferation in the number of Internet users has presented attackers with new detrimental opportunities. One of the simple yet powerful attacks lurking around the Internet today is the Distributed Denial-of-Service (DDoS) attack. The expeditious surge in collaborative environments, like IoT, cloud computing and SDN, has provided attackers with countless new avenues to benefit from the distributed nature of DDoS attacks. The attackers protect their anonymity by infecting distributed devices and utilizing them to create a bot army to constitute a large-scale attack. Thus, the development of an effective as well as efficient DDoS defense mechanism becomes an immediate goal. In this exposition, we present a DDoS threat analysis along with a few novel ground-breaking defense mechanisms proposed by various researchers for numerous domains. Further, we talk about popular performance metrics that evaluate the defense schemes. In the end, we list prevalent DDoS attack tools and open challenges.
Detecting malicious nodes using game theory and reinforcement learning in software-defined networks
Mafia, or Werewolf, is a strategic game where two teams compete to eliminate each other’s players through deception and hidden roles. The game dynamics and role interactions share notable similarities with adversarial behaviors in network security, making it a valuable framework for modeling cyber threats, particularly botnet detection. In this paper, we introduce a novel game-theoretic approach to botnet detection, leveraging the strategic deception dynamics of the Mafia game to model adversarial behavior in cybersecurity. We present a mathematical model for Mafia games, formulating winning strategies for different roles using linear relations and reinforcement learning techniques. Furthermore, we establish a direct mapping between Mafia game roles and network security components, illustrating how botnet attack patterns align with hidden-role game mechanics. Our proposed detection strategies are applied to real-world network attack scenarios, demonstrating their effectiveness in mitigating botnet threats. We evaluate the model using applicable security metrics and compare the results with existing detection methodologies to validate the approach. Our findings indicate that the suggested strategies improve detection accuracy by 12% over conventional methods. Additionally, we conduct network emulations using Mininet, simulating Mirai botnet infections. The results show that the true positive and true negative detection rates for a network modeled by the Mafia game framework reach 71% and 91%, respectively. These insights provide a foundation for integrating deception-based modeling into modern intrusion detection systems, enhancing network resilience against adaptive cyber threats.
Mean-Field-Game Model for Botnet Defense in Cyber-Security
We initiate the analysis of the response of computer owners to various offers of defence systems against a cyber-hacker (for instance, a botnet attack), as a stochastic game of a large number of interacting agents. We introduce a simple mean-field game that models their behavior. It takes into account both the random process of the propagation of the infection (controlled by the botnet herder) and the decision making process of customers. Its stationary version turns out to be exactly solvable (but not at all trivial) under an additional natural assumption that the execution time of the decisions of the customers (say, switch on or out the defence system) is much faster than the infection rates.
Robust IoT Botnet Detection Framework Resilient to Gradient Based Adversarial Attacks
The exponential growth of Internet of Things (IoT) devices has led to an escalation in the number of possible points of attack, making IoT networks vulnerable to a diverse range of threats. In recent years, machine learning and deep learning techniques have been increasingly employed to enhance the security of IoT systems. Nevertheless, security systems that rely on machine learning and deep learning techniques are susceptible to adversarial attacks. The proposed study introduces a botnet detection framework designed to withstand gradient-based adversarial attacks. A weighted multi-layer perceptron (MLP) model is developed to identify security attacks using the imbalanced NF-BoT-IoT dataset and this model is further used to evaluate the resilience against prominent gradient-based attacks, the fast gradient sign method (FGSM), projected gradient descent (PGD) and backward pass differentiable approximation (BPDA) in both targeted and non-targeted modes. Extensive experiments are conducted to assess the severity of each category of adversarial attack by varying the perturbation level ϵ and analyzing variations in accuracy, precision, recall, F1 Score, and Loss. Additionally, an adversarial attack defense strategy based on a shallow denoising auto-encoder is proposed to enhance the MLP model’s robustness against these attacks. The proposed approach effectively restores the balanced weighted MLP model’s performance to 99.53% accuracy, 99.77% precision, 98.53% recall, and 99.12% F1 Score under FGSM and PGD adversarial attacks. Also, the proposed approach restores the MLP model’s performance to 97.90% accuracy, 98.46% precision, 97.90% recall, and 98.15% F1 Score under BPDA adversarial attacks. A comparative analysis with the existing Adversarial Training approach demonstrates the superior adversarial attack defense capability of the proposed method across various perturbation strengths and attack models.
Fight fire with fire: the ultimate active defence
Purpose: This paper proposes an approach to deal with malware and botnets, which in recent years have become one of the major threats in the cyber world. These malicious pieces of software can cause harm not only to the infected victims but also to actors at a much larger scale. For this reason, defenders, namely, security researchers and analysts, and law enforcement have fought back and contained the spreading infections. However, the fight is fundamentally asymmetric. Design/methodology/approach: In this paper, the authors argue the need to equip defenders with more powerful active defence tools such as malware and botnets, called antidotes, which must be used as last resort to mitigate malware epidemics. Additionally, the authors argue the validity of this approach by considering the ethical and legal concerns of leveraging sane and compromised hosts to mitigate malware epidemics. Finally, the authors further provide evidence of the possible success of these practices by applying their approach to Hlux, Sality and Zeus malware families. Findings: Although attackers have neither ethical nor legal constraints, defenders are required to follow much stricter rules and develop significantly more intricate tools. Additionally, attackers have been improving their malware to make them more resilient to takeovers. Originality/value: By combining existing research, the authors provide an analysis and possible implication of a more intrusive yet effective solution for fighting the spreading of malware.
Design of Mobile Botnet Based on Open Service
In recent years, the botnet has become one of the most serious security threats to the Internet. With the rapid development of mobile networks and the popularity of smartphones, botnets began to spread to the mobile platform. In order to counter mobile botnets, it is meaningful to study their constructive mechanism and reproduce it. In past studies, researchers have designed several kinds of mobile botnet models based on various communication channels, such as SMS, Bluetooth, etc. This paper proposed a general mobile botnet model based on open service, and verified its feasibility by implementing it on the Android platform. This paper also analyzed this model, and then proposed a potential defense strategy in terms of its characteristics, which may provide reliable theoretical and technical support for future prevention and privacy protection.