Extending a Botnet Simulation Framework

Extending a framework for botnet simulation

Type

Bachelor’s or Master’s thesis

Description

Freely available traces of malicious/botnet traffic are rare in the research community. To address this, our group is developing a framework for botnet simulation based on the open-source discrete-event network simulator ns-3. The simulator implements the invariants of centralized and decentralized botnet command-and-control structures and allows bot behaviour to be adapted or modified easily via the Lua scripting language.

In the context of this project, several problems have to be solved. Among others, the most important issues are:

  • Implement C&C channels via DNS and/or Twitter;
  • Implement hybrid (centralized & peer-to-peer) botnet architectures;
  • Implement fast-flux networks;
  • Implement botnet fluctuation (join/leave botnet) models, taking different time zones into account;
  • Develop Lua scripts reflecting current bot families;
  • Assess quality of synthesized network traces;
  • Extend usability of simulator GUI.

This work directly contributes to our BMBF-funded research project INSAIN.

Prerequisites

  • Good coding skills (C/C++, Python)
  • Good knowledge of prevalent Internet protocols and standards
  • Very good German or good English language skills
  • Knowledge of modeling and simulation is a plus
  • Linux skills are a plus
  • Creativity and ability to work independently
  • Willingness to actively communicate with peers

Working conditions

Flexible, no presence required. Home office is possible. Details will be discussed in regular personal meetings. A workplace at CASED or h_da can be offered if required.

Contact

Sebastian Abt