Botnet Literature Review

Botnets have continuously evolved since they were first created. This evolution is now being fueled by a talent influx generated by the incentive of the monetary gains facilitated by botnet operations. This talent base has allowed new botnet generations to continuously side-step mitigation techniques. This is also due to the fact that computer security has generally reacted to new malware as it is discovered in the wild. This paradigm has proven to be much too slow for botnet mitigation as the botnet is often well entrenched before any real defense has been implemented. At this point the botnet has already been able to inflict considerable damage. As a result botnet research is shifting to a forward-looking or proactive approach. Botnets have started a trend towards smaller network sizes with less bots or sites. This allows a botnet to have a better chance of flying under the radar. This means that each botnet might have a separate or specialized infrastructure, or at least some way to keep them separate. This presents the botmaster or organization that is running multiple such networks with a cumbersome management and maintenance issue. Another method for achieving smaller or segmented attacks would be to keep the botnet intact and to use another strategy to segment it at will for a given attack or action. This implies that the typical “publish-subscribe” system employed by most P2P networks would need to be reworked or replaced. A possible replacement would be a Voronoi P2P overlay, it has the potential to segment a P2P at will based on a virtual geography. This overlay is already being vetted for use in massively multi-player on-line games (MMOGs) as a possible means for managing network vitrual environments (NVEs) that were previously managed by a centralized server. The same characteristics that make a Voronoi desirable for this application might also make it a viable botnet command and control (C&C) infrastructure. ∗Open to suggestion for a better title. †No author note at this point.