Agent-based Modeling and Simulation of Botnets and Botnet Defense

Nowadays we are witnesses of the rapid spread of botnets across the Internet and using them for different cyber attacks against our systems. Botnets join a huge number of compromised computers in the Internet and allow using these computers for performing vulnerability scans, distributing denial-of-service (DDoS) attacks and sending enormous amounts of spam emails. It is a very complex task to detect such botnets and protect against their attacks. The paper considers the approach to the investigation of botnets and botnet defense mechanisms. The approach is based on the agent-based simulation of cyber attacks and cyber defense mechanisms, which combines discrete-event simulation, multi-agent approach and packet-level simulation of network protocols. The various methods of botnet attacks and counteraction against botnet DDoS attacks are explored by representing botnets and botnet defense components as agent teams using the software simulation environment under development. Agents are supposed to collect information from various sources, use different knowledge, forecast the intentions and actions of other agents, try to deceive the agents of competing team, react to actions of other agents. The teams of defense agents are able to cooperate as the defense system components of different organizations and Internet service providers (ISPs). The paper outlines the common framework and implementation peculiarities of the simulation environment as well as the experiments aimed on the investigation of botnets and botnet DDoS defense mechanisms.