Visible to the public How can botnets cause storms? Understanding the evolution and impact of mobile botnets

TitleHow can botnets cause storms? Understanding the evolution and impact of mobile botnets
Publication TypeConference Paper
Year of Publication2014
AuthorsZhuo Lu, Wenye Wang, Wang, C.
Conference NameINFOCOM, 2014 Proceedings IEEE
Date PublishedApril
Keywordsbotnet propagation storms, compromised nodes, computer network security, coordinated attacks, data forwarding, denial-of-service impact, distributed mechanism, epidemic modeling, exponential growth, Internet, Internet botnets, invasive software, last chipper time, Malware, mobile botnets, mobile computing, mobile malware, mobile networks, mobile nodes, mobile services, mobility range, network bandwidth, node mobility, Peer-to-peer computing, quadratic growth, service requests, wireless links

A botnet in mobile networks is a collection of compromised nodes due to mobile malware, which are able to perform coordinated attacks. Different from Internet botnets, mobile botnets do not need to propagate using centralized infrastructures, but can keep compromising vulnerable nodes in close proximity and evolving organically via data forwarding. Such a distributed mechanism relies heavily on node mobility as well as wireless links, therefore breaks down the underlying premise in existing epidemic modeling for Internet botnets. In this paper, we adopt a stochastic approach to study the evolution and impact of mobile botnets. We find that node mobility can be a trigger to botnet propagation storms: the average size (i.e., number of compromised nodes) of a botnet increases quadratically over time if the mobility range that each node can reach exceeds a threshold; otherwise, the botnet can only contaminate a limited number of nodes with average size always bounded above. This also reveals that mobile botnets can propagate at the fastest rate of quadratic growth in size, which is substantially slower than the exponential growth of Internet botnets. To measure the denial-of-service impact of a mobile botnet, we define a new metric, called last chipper time, which is the last time that service requests, even partially, can still be processed on time as the botnet keeps propagating and launching attacks. The last chipper time is identified to decrease at most on the order of 1/B, where B is the network bandwidth. This result reveals that although increasing network bandwidth can help with mobile services; at the same time, it can indeed escalate the risk for services being disrupted by mobile botnets.

Citation Key6848085