Agent based modeling and simulation of botnets and botnet defense

Laboratory of Computer Security Problems, St. Petersburg Institute for Informatics 
and Automation of Russian Academy of Sciences, St. Petersburg, Russia
Abstract: Nowadays we are witnessing the rapid spread of botnets across the Internet and their use for different cyber attacks against our systems. Botnets join a huge number of compromised computers on the Internet and allow these computers to be used for performing vulnerability scans, launching distributed denial-of-service (DDoS) attacks and sending enormous amounts of spam emails. It is a very complex task to detect such botnets and protect against their attacks. The paper considers an approach to the investigation of botnets and botnet defense mechanisms. The approach is based on agent-based simulation of cyber attacks and cyber defense mechanisms, which combines discrete-event simulation, a multi-agent approach and packet-level simulation of network protocols.
The various methods of botnet attacks and of counteraction against botnet DDoS attacks are explored by representing botnets and botnet defense components as agent teams, using the software simulation environment under development.
Agents are supposed to collect information from various sources, use different knowledge, forecast the intentions and actions of other agents, try to deceive the agents of the competing team, and react to the actions of other agents. The teams of defense agents are able to cooperate as the defense system components of different organizations and Internet service providers (ISPs).
The paper outlines the common framework and implementation peculiarities of the simulation environment, as well as the experiments aimed at the investigation of botnets and botnet DDoS defense mechanisms.
Keywords: cyber conflicts, cyber defense, botnets, Internet attacks and defense, DDoS, modeling and simulation, packet-based simulation, agent-based 


Conference on Cyber Conflict

Proceedings 2010              
C. Czosseck and K. Podins (Eds.)   
CCD COE Publications, 2010, Tallinn, Estonia.
By Igor Kotenko, Alexey Konovalov, and Andrey Shorov