
2009 | OriginalPaper | Book chapter

12. Botnet Economics: Uncertainty Matters

Written by: Zhen Li, Qi Liao, Aaron Striegel

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

Botnets have become an increasing security concern in today’s Internet. Thus far the mitigation to botnet attacks is a never ending arms race focusing on technical approaches. In this chapter, we model botnet-related cybercrimes as a result of profit-maximizing decision-making from the perspectives of both botnet masters and renters/attackers. From this economic model, we can understand the effective rental size and the optimal botnet size that can maximize the profits of botnet masters and attackers. We propose the idea of using virtual bots (honeypots running on virtual machines) to create uncertainty in the level of botnet attacks. The uncertainty introduced by virtual bots has a deep impact on the profit gains on the botnet market. With decreasing profitability, botnet-related attacks such as DDoS are reduced if not eliminated from the root cause, i.e. economic incentives.


Footnotes

1. Alternatively, we can view $n_e$ as the minimum number of accesses required to disable a website, and further define the number of accesses per machine to figure out the size of rental. We do not see it necessary to go into such details and believe our conclusions are not affected.

2. Although we are considering Internet Relay Chat (IRC), which is the dominant C&C channel in today’s botnets, the parameter for botnet maintenance costs can be defined accordingly based on the underlying technique adopted to control bots, whether through IRC or other decentralized systems such as P2P.

3. Similar to the determination of $n_e$, how many bots, q, a C&C channel can host is determined by technological progress and limited by the capacity of the channel. Given technology, q is fixed.

4. Defenders refer to whoever has the incentive to run/maintain honeypots, such as researchers and government agencies. While these organizations by law have a desire to fight against cybercriminals, private parties may also be motivated to create honeypots if they are financially compensated. For example, a honeypot server may collect data on the botnet to sell to customers for development of infrastructure protection techniques.

5. Furthermore, the increased likelihood for an attack to fail also increases the psychological costs of launching such an attack, which makes the practice even less interesting.

6. In reality, the chance for a botnet master to be detected and arrested is small. Dropping the penalty component of the costs does not damage the model conclusions. Effects of non-zero legal punishment and how legal enforcement can be combined with honeypots to fight botnets, especially when botnets are used to launch attacks with linearly increasing payoffs such as spam, are studied in a related work.

7. The actual values of the parameters can be estimated from empirical studies. The numbers assigned here are for illustrative purposes.

8. Botnet masters may seek innovation in response to the increased use of honeypots. For example, they may develop cheaper means of C&C (i.e., lower m). According to (20) and (21), profit may increase and the cutoff $p_v$ has to be larger. Cheaper means of C&C is an unfavorable innovation concerning fighting attacks. Nevertheless, it does not affect the nature of model conclusions.

9. The effective size of a botnet is the number of bots connected to the IRC channel at a specific time. While the effective size has less impact on long-term activities such as executing commands posted as channel topics, it significantly affects the number of minions available to execute timely commands such as DDoS attacks.

10. The size of the botnet is 1.11 (=1/(1 – 0.1)) times the size in the benchmark case. The increase in size is 11 percent.
Metadata
Title
Botnet Economics: Uncertainty Matters
Written by
Zhen Li
Qi Liao
Aaron Striegel
Copyright year
2009
Publisher
Springer US
DOI
https://doi.org/10.1007/978-0-387-09762-6_12
