
Evaluation of Botnet Attacks and its Mitigation Methods


With the rapid development of information and communication technology, the Internet of Things has become associated with several interconnected cyber-physical attacks. It has opened a new era of ubiquitous computing and smart communications. To enable the prevalent IoT services, many small computing devices that were once considered unimportant have been given cyber-communication capability. An IoT-based botnet is a group of hacked systems, smart appliances and internet-connected devices that have been co-opted for illicit purposes. The present study deals with the types of botnet attack modules and their structures. The types of botnet attacks and their implications for the victim services are discussed. The protective technologies are evaluated and recommendations are provided regarding protective measures.

The botnet attack modules

The word botnet is formed from the words robot and network (Ahmed 2018). Computer users install various anti-malware software in order to protect their systems from threats and Trojans. Put simply, a botnet is a number of internet-connected devices, each running one or more bots. These are computers, mobile and IoT devices, smartphones and the like whose security has been breached and whose control has been ceded to a third party. Many botnets are characterised by distributed denial-of-service attacks, in which multiple devices send many requests to an internet-connected computer or service. Several endpoint products are available that provide protection. It is important to scan incoming and outgoing data in order to block malicious content and protect users. Endpoint security packages address code downloaded from infected websites and Trojans arriving by email or from mobile devices, including USB devices. Web security companies such as Marshal8e6 Inc and Finjan Software provide web gateway protection, which can detect and defend against malicious code. The modules can be described as follows.

a. Modules

i. The attacker or master

A botnet attack is a malicious attack that uses a large number of connected computers to take down a network or to attack network equipment, machines, information technology environments and websites. The attacker first needs to build a botnet, or botnet army (Aziz and Okamura 2016). Once the botnet attack starts, these bots are used to send network and internet requests to the target system in large numbers.

ii. Handler

When a particular type of malware infects and controls multiple internet-connected systems and devices, the result is known as a botnet (Tidke, Karde and Thakare 2017). Owners and users are sometimes unaware of the infection, even though several of their devices, such as PCs, mobile devices and laptops, have been infected and attacked by the malware. Cybercriminals remotely use, control and manage the infected equipment, and their actions are always hidden from the users of the computers. Such cybercriminals use the botnet to send spam emails and messages to all contacts, to create malicious traffic for distributed denial-of-service attacks, and to organise fraud campaigns.

iii. Agents

Cybercriminals use botnets to spread new bots. This is very easy when the bots include a mechanism to transfer and execute a file via FTP or HTTP (Bansal et al. 2015). Spreading malware by email through the botnet is a very simple idea. With 10000 hosts, a botnet acts as the starting base for email malware, which permits frequent spreading.

iv. Victims

Installation of advertisement add-ons and Browser Helper Objects can be harmful for users. This kind of botnet can be created in order to gain financial advantage from an organisation. Fake and fraudulent advertisements and promotions are created on a website and earn money from the organisation (Kaur and Singh 2016). The operator of the website sets up a fraudulent deal with various hosting organisations that pay per click on the advertisements on the website. The process is automated: multiple bots click on the pop-ups.

b. Botnet attack life cycle

A botnet follows a set of steps during its existence. These steps are characterized as a life cycle. The steps of the botnet attack life cycle are listed as follows.

i. Initial infection

A botnet recruits new zombie systems using the same approaches as other malware. Google AdSense abuse is included here. This is another kind of botnet attack, one that abuses programs such as Google AdSense. The program encourages an organisation to place advertisements on its website and internet pages in order to attract customers and earn money and popularity. An organisation can earn more than 10.000 per click on the ad per month (Al-Jarrah et al. 2016). Cybercriminals can abuse this function by having the botnet click on the promotions in an automated fashion.

ii. Secondary infection

In this step, the attacker can change the secondary injections that determine the functionality of the bots on the infected hosts. Attacking IRC chat networks is included in this step. Botnets are also used to attack Internet Relay Chat networks. This kind of attack is very common and frequently used at present (Gardner, Beard and Medhi 2017). It is known as the clone attack, in which the controller orders every bot to connect a large number of clones to the IRC network.

iii. Connection

In order to stay well connected, the peers need to search for nearby peers. Manipulating online polls and games is considered in this step. This kind of botnet attack targets online games and online polls, and at present it is mostly carried out by the younger generation. Such manipulation is very simple with a botnet (Matta et al. 2016). The cybercriminal uses the IP address associated with every bot in the online games and polls, and every vote has similar reliability. Online games and polls are widely used at present and can be manipulated in the same manner.

iv. Malicious activities

Mass identity theft is one of the activities. This is another kind of botnet attack, carried out through bogus emails. It is the fastest growing kind of theft and crime on the internet at present, and it relies on fake PayPal and banking emails. These emails steal the personal information of the users.

v. Maintenance and upgrading

When a specific kind of malware infects and controls various internet-connected systems and devices, the result is known as a botnet (Javadianasl, Manaf and Zamani 2017). Owners and users are at times unaware of the infection, even though several of their devices, such as PCs, mobile phones and laptops, have been infected and attacked by the malware. Cybercriminals remotely use, control and manage the botnet equipment, and their activities are constantly hidden from the users of the computers. Such cybercriminals use the botnet to send spam messages to all contacts, to create malicious traffic in order to deliver denial-of-service attacks, and to organise fraud campaigns (Osagie, Okoye and Osagie 2018).

3. Botnet attack types and implications

a. Examples

There are various kinds of botnet attack, which are discussed below.

Distributed Denial-of-service attacks- A distributed denial-of-service attack is an attack on a network or computer system that causes a loss of service to owners or users (Kumar, Kumar and Gupta 2016). Network connectivity is lost because the bandwidth of the victim network is consumed. If the distributed denial-of-service attack sends many packets per second, the resources are exhausted.

Spamming- This is another kind of botnet attack on computer systems (Bertino and Islam 2017). Machines that have a SOCKS proxy can be used for nefarious tasks such as spamming. With the assistance of the botnet, the attacker is able to send a thousand or more spam emails.

Sniffing Traffic- This kind of attack is mostly used to retrieve sensitive data such as passwords and usernames. A bot may use a packet sniffer to watch clear-text information passing through the computer system (Sembiring and Nugroho 2018). The sniffed information can also be used as other information. If the computer system is set with many other and also user use more than botnet.

Keylogging- If encrypted communication channels such as POP3S and HTTPS are used by the computer system, then sniffing the network packets is impractical (Zhang et al. 2016). In this case, the attacker can easily retrieve sensitive data with the help of a keylogger, whose main purpose is to record and steal the information of the user through the botnet.
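The Distributed Denial-of-service item above says that resources are exhausted by the combined packets per second. The following Python sketch is an added example, not part of the original study: it labels each second of traffic toward one victim and shows that a per-source limit alone misses a flood in which no single bot is loud. The thresholds, function names and sample flow records are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed flow records toward one victim: (second, source_ip, packets)."""
    records = []
    for sec in range(6):                      # 3 ordinary clients, 40 pps each
        for i in range(1, 4):
            records.append((sec, f"198.51.100.{i}", 40))
    for sec in range(3, 6):                   # 200 bots, only 25 pps each
        for i in range(1, 201):
            records.append((sec, f"203.0.113.{i}", 25))
    return records

def classify(records, per_source_limit=100, aggregate_limit=2000, min_sources=50):
    """Label each second as normal, single-source-flood or distributed-flood.

    All three thresholds are assumed values; tune them to the link's baseline.
    """
    by_second = defaultdict(lambda: defaultdict(int))
    for sec, src, pkts in records:
        by_second[sec][src] += pkts
    verdicts = {}
    for sec in sorted(by_second):
        sources = by_second[sec]
        total = sum(sources.values())
        loud = sorted(s for s, p in sources.items() if p > per_source_limit)
        if loud:
            # One host alone exceeds the limit: a per-source rate limit catches it.
            verdicts[sec] = ("single-source-flood", total, loud)
        elif total > aggregate_limit and len(sources) >= min_sources:
            # No host is loud, yet the sum is: the botnet case.
            verdicts[sec] = ("distributed-flood", total, len(sources))
        else:
            verdicts[sec] = ("normal", total, len(sources))
    return verdicts

if __name__ == "__main__":
    for sec, verdict in classify(build_sample()).items():
        print(sec, verdict)
```

In the constructed sample every bot stays well under the per-source limit, so only the aggregate rate combined with the distinct-source count flags seconds 3 to 5.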

b. Evaluation

There are several actions that an organization can take to protect itself from becoming part of a botnet. Applying security patches is considered one of the key measures that can help the organization. In addition, the best method of protecting against botnets is having appropriate security products in the proper place. For the organization, the important place to provide primary protection is the gateway (Kolias et al. 2017). Gateway security alone is not adequate when mobile users and visitors connect inside the gateway. Appropriate access control and two-factor authentication can help to reinforce defenses in this respect (Balasubramanian 2016). There are other risk areas inside the network, including infections picked up by staff visiting malicious websites. Web content filtering is believed to be signature-based and to protect against different types of attacks.

4. Recommendation of mitigation solution

Client-server model communication through IRC channels can be helpful for the prevention of security issues in botnets. The communication can be centralized, with every bot connected to the centralized command server. On the other hand, a peer-to-peer communication model can be helpful to a single centralized server. A classic security method can be helpful for defending against web malware. From this perspective, it is necessary to implement multi-layer protection. The gateway defences need to work in tandem with endpoint protection on the users' systems. The products should come from multiple different manufacturers. Several endpoint products are available that provide protection.

5. Conclusion and future works

From the above discussion, it can be concluded that it is important to evaluate the security issues involved with botnets. The internet is filled with vulnerabilities and threats to online security. There are several threats that are productive and turn positive technologies to their own use. To protect against botnet security issues, it is necessary to be aware of the security issues and to take security measures. Measures such as anti-virus software and HTTP protocol safe websites can be helpful for users. Updating the computer operating system can be helpful for mitigating the attacks.

In order to stay safe from botnet attacks, it is necessary to be aware of the daily usage of internet-related devices. In addition, safety measures regarding that use would be helpful. Bots of this kind can host various fake websites and internet pages pretending to be PayPal, a bank or eBay, and harvest personal data. In order to determine the theft, keylogging as well as sniffing of traffic that the users utilize. Cybercriminals build a large network of zombie machines and then sell access to the zombie network to other criminals. In order to operate and run large-scale spam campaigns, spammers may rent or buy such networks in the coming days.
