Paper
13 April 2009
Considerations and foundations for Botnet simulation
Martin R. Stytz, Sheila B. Banks
Abstract
"Botnets", or "bot armies", are large groups of remotely controlled malicious software. Bot armies pose one of the most serious security threats to all networks. Botnets, remotely controlled and operated by botmasters or botherders, can launch massive denial of service attacks, multiple penetration attacks, or any other malicious network activity on a massive scale. While bot army activity has, in the past, been limited to fraud, blackmail, and other forms of criminal activity, their potential for causing large-scale damage to the entire internet; for launching large-scale, coordinated attacks on government computers and networks; and for large-scale, coordinated data gathering from thousands of users and computers on any network has been underestimated. This paper will not discuss how to build bots but the threats they pose. In a "botnet" or "bot army", computers can be used to spread spam, launch denial-of-service attacks against Web sites, conduct fraudulent activities, and prevent authorized network traffic from traversing the network. In this paper, we examine the need for botnet defense training within existing simulation environments and present our suggestions for the capabilities needed for training systems for botnet activities. In this paper we discuss botnet technology and review the technologies that underlie this threat to network, information, and computer security. The second section contains background information about bot armies and key foundational bot technologies. The third section presents a discussion of the types of attacks that botnets can conduct, defenses against them and our suggestions for simulating botnet activities, including suggested message formats for distributing bot simulation commands and for distributing information needed to simulate both the effects of bot attacks and defensive responses to bot attacks. The fourth section contains a summary and suggestions for future research.
© (2009) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Martin R. Stytz and Sheila B. Banks "Considerations and foundations for Botnet simulation", Proc. SPIE 7344, Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009, 73440H (13 April 2009); https://doi.org/10.1117/12.818364
KEYWORDS
Computing systems
Network security
Internet
Warfare
Defense and security
Computer networks
Software development