Analysis of the BotNet Ecosystem

Conference: CTTE 2011 - 10th Conference of Conference of Telecommunication, Media and Internet Techno-Economics
05/16/2011 - 05/18/2011 at Berlin, Germany

Proceedings: CTTE 2011

Pages: 10Language: englishTyp: PDF

Personal VDE Members are entitled to a 10% discount on this title

Kok, Jan; Kurz, Bernhard (Nokia Siemens Networks GmbH & Co. KG Munich, Germany)

In the Information Communication Technology (ICT) industry it is essential to manage security. It is of outmost interest of any network operator to secure the network infrastructure and subscriber data. Failing in ICT security is not an option. The e-crime scene utilizes modern tooling to address this very lucrative business. BotNet infrastructure is more and more used to perform e-crime. So far, Network operators are not highly impacted - but this situation will definitely change in the near future. The paper consists of three parts: Part 1 describes how BotNets differ from other types of malware. The principle of a BotNet is outlined and explained. Statistics and real examples are listed to illustrate the potential of a security threat. Part 2 focuses on the BotNet ecosystem by describing the existing roles and providing a quantified revenue flow between the players. It explains why the BotNet threat will be more important for a Mobile Network Operator (MNO) than for a Fixed Network Operator (FNO) incl. quantification of impact on the existing MNO business model. Finally Part 3 describes the CSP (Communication Solution Provider) solution to address the threat successfully. A modular approach ensures that the solution is flexible and adaptive: The analysis module evaluates multiple information sources to dynamically build up specific knowledge in order to identify BotNet activities. The detection module uses this knowledge to monitor the traffic in a mobile operator network for potential BotNet attacks. If such attacks are detected, further actions are triggered. The mitigation module cares about the cleaning of elements infected by the BotNet. The prevention module limits the impacts of BotNet attacks, e. g. by quarantining the victims.