Abstract
Growing internet use by individuals and industries has rapidly expanded the attack surface in cyberspace. A botnet is a digital weapon that attackers use to commit cybercrime in the stealthiest way for every kind of illegal online activity. A botnet is a well-articulated attack responsible for many malicious activities at large volume, and it is highly effective against any targeted organization: confidential data theft, financial loss, distribution of pirated products, e-business extortion, and network or service disruption. Because its infections are global in nature and its malware uses innovative covert techniques to evade detection, it is also known as an advanced persistent threat (APT). An analysis of this APT revealed how bot malware has grown in sophistication through encryption methods, concealed network connections and silent escape, making it an effective tool for profit-motivated e-crime. Reverse engineering is the procedure of analyzing malware to classify its type, hazard, impact on the machine and information outflow, and to derive the signature technique for its removal. Botnet (APT) detection requires an improved process to identify the channel, the architecture and weaknesses in the encryption. In bot examination, analysis of programming style, network protocol and behavior can mitigate the APT by creating signatures, prototyping a behavior-based approach and eliminating C&C servers. Reverse engineering is an excellent way to defend against modern botnets and protect valuable information by identifying evidence of behavior, collecting logs and applying digital forensics. The main aim of this study is to determine the most adequate approach to recreate a botnet incident. Network security is a prime concern for avoiding state-sponsored attacks such as botnets, so that the security of a digital nation and its e-governance can be assured.
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Thakar, B., Parekh, C. (2018). Reverse Engineering of Botnet (APT). In: Satapathy, S., Joshi, A. (eds) Information and Communication Technology for Intelligent Systems (ICTIS 2017) - Volume 2. ICTIS 2017. Smart Innovation, Systems and Technologies, vol 84. Springer, Cham. https://doi.org/10.1007/978-3-319-63645-0_28
DOI: https://doi.org/10.1007/978-3-319-63645-0_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-63644-3
Online ISBN: 978-3-319-63645-0
eBook Packages: Engineering (R0)