Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 236)

Abstract

Botnet emulation is an emerging method of botnet research that is attracting widespread attention. It refers to building a closed botnet with virtualization technology in order to analyze botnets. Although superior to traditional methods in flexibility, reproducibility, validity, and lawfulness, botnet emulation faces challenges in security, transparency, scale, and other areas. In this paper, we shed light on some of the key challenges in building botnet emulation systems. Furthermore, we discuss various techniques used to address or alleviate these problems, along with the pros and cons of each technique. We hope to motivate future research in this area to develop practical solutions to these challenges.

Acknowledgments

This study is supported by the Hi-tech Research and Development Program of China (863 Program) under Grant No. 2011AA01A205, the National Natural Science Foundation of China under Grant No. 61003015, the Doctoral Fund of Ministry of Education of China under Grant No. 20101102110018, the National “Core electronic devices high-end general purpose chips and fundamental software” project under Grant No. 2010ZX01036-001-001, and the National Natural Science Foundation of China under Grant No. 60973008.

Corresponding author

Correspondence to Bo Lin.

Copyright information

© 2013 Springer Science+Business Media New York

About this paper

Cite this paper

Lin, B., Hao, Q., Xiao, L., Ruan, L., Zhang, Z., Cheng, X. (2013). Botnet Emulation: Challenges and Techniques. In: Wong, W.E., Ma, T. (eds) Emerging Technologies for Information Systems, Computing, and Management. Lecture Notes in Electrical Engineering, vol 236. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7010-6_100

  • DOI: https://doi.org/10.1007/978-1-4614-7010-6_100

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-7009-0

  • Online ISBN: 978-1-4614-7010-6

  • eBook Packages: Engineering, Engineering (R0)
