Leon Böck
Last known affiliation: Technische Universität Darmstadt
Bio: Leon Böck is a Ph.D. student at the Telecooperation Labs at Technical University of Darmstadt. His research focus is on the detection, monitoring and prevention of Peer-to-Peer botnets. In addition to the technical aspects of his research, he is interested in the legal and privacy concerns related to fighting botnets and malware. He received his MSc in computer science from TU Darmstadt in 2017 with a master's thesis on the topic “On P2P botnet monitoring in adverse conditions”. Aside from his research interests, he enjoys reading non-fiction, hiking and running.
Leon Böck (speaker) | Shankar Karuppayah (speaker) | Dave Levin | Max Mühlhäuser
Abstract
To this date P2P overlays remain a popular choice for botnet command and control. With the rise of recent IoT botnets, we aimed to monitor multiple IoT P2P botnets at the same time, to compare them against each other and traditional Windows based P2P botnets. During this process we came across several challenges and insights in scaling and maintaining multiple monitoring operations simultaneously. In this talk we want to share our insights and introduce the Botnet Monitoring System, a tool to reduce redundancy and enable collaboration for P2P botnet monitoring.
Leon Böck (speaker) | Shankar Karuppayah | Max Mühlhäuser | Emmanouil Vasilomanolakis
Abstract
Conducting botnet research is oftentimes limited to the analysis of active botnets. This prevents researchers from testing detection and tracking mechanisms on potential future threats. Specifically in the domain of P2P botnets, the configuration parameters, network churn and anti-tracking mechanisms greatly impact the success of monitoring operations. As developing and deploying botnets for testing is not possible at scale, this paper attempts to address this issue by introducing a simulation framework for P2P botnets. The capabilities of this framework include the simulation of P2P botnets with more than 10,000 bots, realistic churn behaviors and the implementation of common P2P botnet monitoring mechanisms. Furthermore, BSF allows the simulated traffic to be injected into arbitrary network files (i.e. PCAP) using the Intrusion Detection Dataset Toolkit (ID2T).