The Normal Operation Of A Botnet

1339 Words6 Pages
A. Botnet Life cycle Processes involved in the normal operation of a botnet has no comprehensive approach to either the stages encompassing the life cycle, or the lack of compartmentalization between them (see Figure 1, Botnet Life cycle Taxonomy). Apart from normal operations, so far there’s no qualitative analysis on how these stages should be characterized, defined, or distinguished. A proposed botnet life cycle stage starts with conception and ends with reaching the desired malicious intent, i.e. a successful attack and can include DDoS, spam, phishing, or click fraud. Corresponding mechanisms to these stages of the botnet life cycle are typically focused on attempting to hide the botnet (communication processes, location of the bots, and botmaster), some of these methods include IP spoofing, multi-hopping, polymorphism, and fast-flux networks. (Garcıa-Teodoro, Macia-Fernandez, & Rodrıguez-Gomez, 2012). Any defensive approach to overcoming a botnet is dedicated to preventing execution of a particular process in one of the botnet life cycle stages or combine processes in one or more stages. Deterring execution of a single stage in the botnet life cycle can thwart a malicious and devastating outcome. In principle, prevention of hidden mechanisms doesn’t suggest deterrence of the botnet goal, but increases the probability that a botnet will be identified by a defense method. Figure 1: Botnet Life cycle Taxonomy Figure 1: Each stage of the life cycle depicts process
Open Document