Böck, Leon ; Alexopoulos, Nikolaos ; Saracoglu, Emine ; Mühlhäuser, Max ; Vasilomanolakis, Emmanouil (2019)
Assessing the threat of blockchain-based botnets.
APWG Symposium on Electronic Crime Research (eCrime2019). Pittsburgh, USA (13.11.2019-15.11.2019)
doi: 10.1109/eCrime47957.2019.9037600
Conference publication, Bibliography
Abstract
Time and time again the security community has faced novel threats that were previously never analyzed, sometimes with catastrophic results. To avoid this, proactive analysis of envisioned threats is of great importance. One such threat is blockchain-based botnets. Bitcoin, and blockchain-based decentralized cryptocurrencies in general, promise a fair and more transparent financial system. They do so by implementing an open and censorship-resistant atomic broadcast protocol that enables the maintenance of a global transaction ledger, known as a blockchain. In this paper, we consider how this broadcast protocol may be used for malicious behavior as a botnet command and control (C2) channel. Botmasters have been known to misuse broadcasting platforms, like social media, as C2 channels. However, these platforms lack the integral censorship-resistant property of decentralized cryptocurrencies. In this paper, we provide a comprehensive systematization of knowledge study on using blockchains as botnet C2 channels, generating a number of important insights. We set off by providing a critical analysis of the state of the art of blockchain-based botnets, along with an abstract model of such a system. We then examine the inherent limitations of the design, in an attempt to challenge the feasibility of such a botnet. With such limitations in mind, we move forward with an experimental analysis of the detectability of such botnets and discuss potential countermeasures. Contrary to previous work that proposed such botnets, we provide a broad overview of the associated risk and view the problem in relation to other existing botnet C2 channels. We conclude that despite its limitations, the blockchain, as a backup mechanism, practically renders attempts to suppress the control channel of a botnet futile. Thus, more focus should be put on detecting and disinfecting machines at the network edge (router) or even per-bot level.
| Entry type: | Conference publication |
|---|---|
| Published: | 2019 |
| Author(s): | Böck, Leon ; Alexopoulos, Nikolaos ; Saracoglu, Emine ; Mühlhäuser, Max ; Vasilomanolakis, Emmanouil |
| Record type: | Bibliography |
| Title: | Assessing the threat of blockchain-based botnets |
| Language: | English |
| Publication date: | 4 November 2019 |
| Place: | Pittsburgh, PA, USA |
| Publisher: | IEEE |
| Event title: | APWG Symposium on Electronic Crime Research (eCrime2019) |
| Event location: | Pittsburgh, USA |
| Event date: | 13.11.2019-15.11.2019 |
| DOI: | 10.1109/eCrime47957.2019.9037600 |
| Department(s)/field(s): | 20 Department of Computer Science; 20 Department of Computer Science > Telecooperation |
| Date deposited: | 04 Nov 2019 14:15 |
| Last modified: | 05 Jul 2024 06:52 |
| Projects: | Novel P2P Botnet Detection (RBC), CRISP2 |