Improving the Simbo simulator for testing advanced botnets

  • Fábio Harada Kubo, Unicamp
  • Moisés Danziger, Unicamp
  • Marco Aurélio Amaral Henriques, Unicamp

Abstract

This work aimed to improve Simbo, a simulator designed for the study of botnets that make use of new attack techniques, with emphasis on those based on machine learning. To reach that goal, we proposed a scenario in which the bots act on infected hosts, filtering the network traffic they observe and reporting only the relevant information to a command and control center whose intelligent engine is responsible for decision making. While developing this scenario, we noticed that its scalability would be compromised unless the work done by the bots could be parallelized. We therefore developed a solution that distributes the simulation across several processing cores, increasing simulator performance with a speedup of approximately 3.0. This solution will allow the study of new scenarios, among them one in which the bots themselves also make use of computational intelligence techniques.
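The following Python sketch is an added illustration of the scenario the abstract describes and is not code from Simbo or from the authors. It models each bot as a filter that runs over the traffic of its infected host and sends only an aggregate report upstream, a C2 that merges the reports and ranks internal services by how many bots observed them, and a multiprocessing layer that spreads the per-bot work over several cores. Everything in it is an assumption made for the example: the traffic is synthetic and constructed inline, the "relevant information" rule is a fixed set of sensitive ports, and the rule-based `c2_decide` is a stand-in for the paper's intelligent engine, not a reproduction of it. The measured speedup depends on the machine and is only printed, never asserted.

```python
"""Toy model of a filtering botnet with a central decision engine, with the
per-bot work distributed over processing cores. Hypothetical example code,
not Simbo's implementation."""
from __future__ import annotations

import random
import time
from collections import Counter
from dataclasses import dataclass
from multiprocessing import Pool

# Assumption for the example: the bot only reports flows to these ports.
SENSITIVE_PORTS = {22, 445, 1433, 3389}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    nbytes: int


def synth_traffic(host_id: int, n_flows: int, seed: int = 2018) -> list[Flow]:
    """Constructed, deterministic traffic for one infected host (not real data)."""
    rng = random.Random(seed * 1000 + host_id)
    flows = []
    for _ in range(n_flows):
        dst = f"10.0.{rng.randint(0, 3)}.{rng.randint(1, 20)}"
        dport = rng.choice([80, 443, 53, 22, 3389, 445, 1433, 8080])
        flows.append(Flow(f"10.0.{host_id}.1", dst, dport, rng.randint(60, 1500)))
    return flows


def bot_filter(flows: list[Flow]) -> Counter:
    """Bot side: keep only flows to sensitive ports and report them as
    (dst, dport) counts, so raw traffic never leaves the host."""
    report: Counter = Counter()
    for f in flows:
        if f.dport in SENSITIVE_PORTS:
            report[(f.dst, f.dport)] += 1
    return report


def c2_decide(reports: list[Counter], min_sightings: int = 3) -> list[tuple]:
    """C2 side (rule-based stand-in for an intelligent engine): merge all bot
    reports and rank services seen by at least `min_sightings` distinct bots,
    most widely observed first, then by total flow count."""
    merged: Counter = Counter()
    seen_by: Counter = Counter()
    for rep in reports:
        merged.update(rep)
        for key in rep:
            seen_by[key] += 1
    ranked = [(k, merged[k], seen_by[k]) for k in merged if seen_by[k] >= min_sightings]
    ranked.sort(key=lambda t: (-t[2], -t[1], t[0]))
    return ranked


def _bot_task(args: tuple[int, int]) -> Counter:
    host_id, n_flows = args
    return bot_filter(synth_traffic(host_id, n_flows))


def run_serial(n_bots: int, n_flows: int) -> list[Counter]:
    return [_bot_task((i, n_flows)) for i in range(n_bots)]


def run_parallel(n_bots: int, n_flows: int, workers: int) -> list[Counter]:
    """Same work spread over `workers` processes. Bots are independent, so the
    filtering is embarrassingly parallel and Pool.map keeps report order."""
    tasks = [(i, n_flows) for i in range(n_bots)]
    try:
        with Pool(workers) as pool:
            return pool.map(_bot_task, tasks)
    except OSError:  # platform without working process support: degrade to serial
        return [_bot_task(t) for t in tasks]


def measure_speedup(n_bots: int, n_flows: int, workers: int) -> float:
    """Wall-clock ratio serial/parallel; machine dependent, for display only."""
    t0 = time.perf_counter()
    run_serial(n_bots, n_flows)
    t1 = time.perf_counter()
    run_parallel(n_bots, n_flows, workers)
    t2 = time.perf_counter()
    return (t1 - t0) / (t2 - t1)


if __name__ == "__main__":
    reports = run_parallel(8, 20_000, 4)
    for (dst, dport), hits, bots in c2_decide(reports)[:3]:
        print(f"target {dst}:{dport} seen by {bots} bots, {hits} flows")
    print(f"speedup ~{measure_speedup(8, 20_000, 4):.2f}x")
```

Two things the sketch makes concrete that the abstract only states: the bot-side filter is what bounds the C2's input (and, from a defender's viewpoint, what turns raw sniffing into small periodic reports), and because each bot's filtering depends only on its own host's traffic, the per-bot work can be sharded across processes and merged without changing the C2's decision, which is why the serial and parallel runs must produce identical reports.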

Published: 2018-10-25

How to cite: KUBO, Fábio Harada; DANZIGER, Moisés; HENRIQUES, Marco Aurélio Amaral. Aprimorando o simulador Simbo para testes de botnets avançadas. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 243-252. DOI: https://doi.org/10.5753/sbseg_estendido.2018.4163.