Extending a framework for botnet simulation
Type
Bachelor’s or Master’s thesis
Description
Freely available traces of malicious/botnet traffic are rare in the research community. To address this, our group is developing a framework for botnet simulation based on the open-source discrete-event network simulator ns-3. The simulator implements invariants of centralized and decentralized botnet command and control structures and allows bot behaviour to be easily adapted or modified via the Lua scripting language.
In the context of this project, several problems have to be solved. Among others, the most important issues are:
- Implement C&C channels via DNS and/or Twitter;
- Implement hybrid (centralized & peer-to-peer) botnet architectures;
- Implement fast-flux networks;
- Implement botnet fluctuation (join/leave botnet) models, taking different time zones into account;
- Develop Lua scripts reflecting current bot families;
- Assess quality of synthesized network traces;
- Extend usability of simulator GUI.
This work directly contributes to our BMBF-funded research project INSAIN.
Prerequisites
- Good coding skills (C/C++, Python)
- Good knowledge of prevalent Internet protocols and standards
- Very good German or good English language skills
- Knowledge in modeling and simulation is a plus
- Linux skills are a plus
- Creativity and ability to work independently
- Willingness to actively communicate with peers
Working conditions
Flexible, no presence required. Home office is possible. Details will be discussed in regular personal meetings. A workplace at CASED or h_da can be offered if required or desired.