Special Issue "Botnets"

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Applications".

Deadline for manuscript submissions: closed (31 January 2020).

Special Issue Editors

Dr. Konstantinos Kolias
Website
Guest Editor
Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA
Interests: security; Internet of Things; wireless communications; surveillance; privacy

Special Issue Information

Dear Colleagues,

Networks of large numbers of compromised devices are assembled by evildoers to spread malware and orchestrate a range of attacks, including spam and DDoS. Along with the rise of a significant number of IoT botnet families, like Mirai and Hajime, alerting is the fact that botnets are increasingly used for spreading malware of a versatile nature. According to a recent report by Kaspersky Lab pertaining to the first half of 2018, multifunctional bots, and particularly remote access tools (RAT) malware, are becoming more widespread. At the same time, cryptomining botnets Smominru and ADB.Miner proliferate. It is without doubt that we are transitioning into an era of more sophisticated and multipurpose botnets, and new detection and defensive mechanisms may be required.

The aim of the Special Issue at hand is to compile and publish solid works on the broad area of botnets, considering this threat from a both offensive and defensive perspective. We seek novel contributions from researchers, industrial practitioners, academia, and government agencies. Only technical papers describing previously unpublished, original, state‐of‐the‐art research, and not currently under review by a conference or journal will be considered. Surveys, simulations, practical results, and case studies are also welcomed.

Possible topics of interest of this Special Issue include but are not limited to:

  • Botnet topologies and architectures;
  • IoT botnets;
  • Advanced C&C channels;
  • Detection and mitigation of botnets;
  • Economics of botnets;
  • Legal issues pertaining to botnets.

Dr. Georgios Kambourakis
Dr. Konstantinos Kolias
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • botnets
  • cybersecurity
  • threat
  • attack
  • vulnerability
  • defense
  • intrusion
  • IoT

Published Papers (2 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

Open AccessArticle
Another Step in the Ladder of DNS-Based Covert Channels: Hiding Ill-Disposed Information in DNSKEY RRs
Information 2019, 10(9), 284; https://doi.org/10.3390/info10090284 - 12 Sep 2019
Abstract
Covert channel communications are of vital importance for the ill-motivated purposes of cyber-crooks. Through these channels, they are capable of communicating in a stealthy way, unnoticed by the defenders and bypassing the security mechanisms of protected networks. The covert channels facilitate the hidden [...] Read more.
Covert channel communications are of vital importance for the ill-motivated purposes of cyber-crooks. Through these channels, they are capable of communicating in a stealthy way, unnoticed by the defenders and bypassing the security mechanisms of protected networks. The covert channels facilitate the hidden distribution of data to internal agents. For instance, a stealthy covert channel could be beneficial for the purposes of a botmaster that desires to send commands to their bot army, or for exfiltrating corporate and sensitive private data from an internal network of an organization. During the evolution of Internet, a plethora of network protocols has been exploited as covert channel. DNS protocol however has a prominent position in this exploitation race, as it is one of the few protocols that is rarely restricted by security policies or filtered by firewalls, and thus fulfills perfectly a covert channel’s requirements. Therefore, there are more than a few cases where the DNS protocol and infrastructure are exploited in well-known security incidents. In this context, the work at hand puts forward by investigating the feasibility of exploiting the DNS Security Extensions (DNSSEC) as a covert channel. We demonstrate that is beneficial and quite straightforward to embed the arbitrary data of an aggressor’s choice within the DNSKEY resource record, which normally provides the public key of a DNSSEC-enabled domain zone. Since DNSKEY contains the public key encoded in base64 format, it can be easily exploited for the dissemination of an encrypted or stego message, or even for the distribution of a malware’s binary encoded in base64 string. To this end, we implement a proof of concept based on two prominent nameserver software, namely BIND and NDS, and we publish in the DNS hierarchy custom data of our choice concealed as the public key of the DNS zone under our jurisdiction in order to demonstrate the effectiveness of the proposed covert channel. Full article
(This article belongs to the Special Issue Botnets)
Show Figures

Figure 1

Review

Jump to: Research

Open AccessReview
A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far
Information 2019, 10(11), 337; https://doi.org/10.3390/info10110337 - 30 Oct 2019
Abstract
Botnets have carved a niche in contemporary networking and cybersecurity due to the impact of their operations. The botnet threat continues to evolve and adapt to countermeasures as the security landscape continues to shift. As research efforts attempt to seek a deeper and [...] Read more.
Botnets have carved a niche in contemporary networking and cybersecurity due to the impact of their operations. The botnet threat continues to evolve and adapt to countermeasures as the security landscape continues to shift. As research efforts attempt to seek a deeper and robust understanding of the nature of the threat for more effective solutions, it becomes necessary to again traverse the threat landscape, and consolidate what is known so far about botnets, that future research directions could be more easily visualised. This research uses the general exploratory approach of the qualitative methodology to survey the current botnet threat landscape: Covering the typology of botnets and their owners, the structure and lifecycle of botnets, botnet attack modes and control architectures, existing countermeasure solutions and limitations, as well as the prospects of a botnet threat. The product is a consolidation of knowledge pertaining the nature of the botnet threat; which also informs future research directions into aspects of the threat landscape where work still needs to be done. Full article
(This article belongs to the Special Issue Botnets)
Show Figures

Figure 1

Back to TopTop