Shankar Karuppayah
Last known affiliation: Universiti Sains Malaysia
Bio: Shankar Karuppayah has been a Senior Lecturer at the National Advanced IPv6 Centre, Universiti Sains Malaysia since June 2016. Previously, he was attached to the Center for Advanced Security Research Darmstadt (CASED) / TU Darmstadt, Germany (2012-2016), where he also obtained his PhD. His research interests encompass the Internet of Things (IoT), IT and network security, network monitoring, and botnets.
Leon Böck 🗣 | Shankar Karuppayah 🗣 | Dave Levin | Max Mühlhäuser
Abstract
To date, P2P overlays remain a popular choice for botnet command and control. With the rise of recent IoT botnets, we aimed to monitor multiple IoT P2P botnets at the same time, to compare them against each other and against traditional Windows-based P2P botnets. During this process, we came across several challenges and insights in scaling and maintaining multiple monitoring operations simultaneously. In this talk we want to share our insights and introduce the Botnet Monitoring System, a tool to reduce redundancy and enable collaboration for P2P botnet monitoring.
Leon Böck 🗣 | Shankar Karuppayah | Max Mühlhäuser | Emmanouil Vasilomanolakis
Abstract
Conducting botnet research is oftentimes limited to the analysis of active botnets. This prevents researchers from testing detection and tracking mechanisms on potential future threats. Specifically in the domain of P2P botnets, the configuration parameters, network churn and anti-tracking mechanisms greatly impact the success of monitoring operations. As developing and deploying botnets for testing is not possible at scale, this paper attempts to address this issue by introducing a simulation framework for P2P botnets. The capabilities of this framework include the simulation of P2P botnets with more than 10,000 bots, realistic churn behaviors and the implementation of common P2P botnet monitoring mechanisms. Furthermore, BSF allows the simulated traffic to be injected into arbitrary network files (i.e., PCAP) using the Intrusion Detection Dataset Toolkit (ID2T).
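The abstract above notes that churn and anti-tracking measures such as limited neighbour-list replies decide how much of a P2P botnet a crawler actually sees. The following toy simulation, added here for illustration and not code from BSF or the authors, makes that effect measurable: it builds a random overlay in which every bot knows a fixed number of peers, models churn as each bot being online with a fixed probability per round (a memoryless simplification, not BSF's churn model), lets online bots disclose at most a capped random subset of their neighbour list, and runs a breadth-first crawler from a single seed bot. All parameters, bot counts and the topology are constructed for the example.

```python
"""Toy P2P botnet crawl under churn (added illustration; not the BSF framework's code)."""
import random
from dataclasses import dataclass


@dataclass
class Bot:
    bot_id: int
    neighbors: list  # neighbour list (NL): ids of peers this bot knows
    online: bool = True


def build_botnet(n_bots: int, nl_size: int, rng: random.Random) -> dict:
    """Constructed random overlay: each bot knows nl_size distinct other bots."""
    ids = list(range(n_bots))
    bots = {}
    for i in ids:
        others = ids[:i] + ids[i + 1:]
        bots[i] = Bot(i, rng.sample(others, nl_size))
    return bots


def apply_churn(bots: dict, p_online: float, rng: random.Random) -> None:
    """Memoryless churn (assumption): every round, each bot is online with p_online."""
    for bot in bots.values():
        bot.online = rng.random() < p_online


def request_nl(bot: Bot, reply_limit: int, rng: random.Random):
    """Simulated NL request. Offline bots do not answer; online bots disclose at most
    reply_limit randomly chosen NL entries (a common anti-crawling measure)."""
    if not bot.online:
        return None
    k = min(reply_limit, len(bot.neighbors))
    return rng.sample(bot.neighbors, k)


def crawl(bots: dict, seeds, rounds: int, p_online: float,
          reply_limit: int, rng: random.Random) -> set:
    """Breadth-first crawler: each round, re-contact every known peer and record
    whatever it discloses. Returns the set of bot ids the crawler learned about."""
    known = set(seeds)
    for _ in range(rounds):
        apply_churn(bots, p_online, rng)
        for peer_id in list(known):  # snapshot: one hop of expansion per round
            reply = request_nl(bots[peer_id], reply_limit, rng)
            if reply:
                known.update(reply)
    return known


def coverage(n_bots: int = 200, nl_size: int = 20, rounds: int = 10,
             p_online: float = 1.0, reply_limit: int = 20, seed: int = 7) -> float:
    """Fraction of the botnet discovered from a single seed bot (id 0).

    The topology is built before any churn draws, so runs with the same seed and
    n_bots/nl_size share one overlay and differ only in churn and reply limits."""
    rng = random.Random(seed)
    bots = build_botnet(n_bots, nl_size, rng)
    known = crawl(bots, seeds=[0], rounds=rounds, p_online=p_online,
                  reply_limit=reply_limit, rng=rng)
    return len(known) / n_bots


if __name__ == "__main__":
    print("no churn, full NL replies:    ", coverage())
    print("60% online, full NL replies:  ", coverage(p_online=0.6))
    print("60% online, 5-entry replies:  ", coverage(p_online=0.6, reply_limit=5))
```

With no churn and full replies the crawler converges on everything reachable from the seed within a few rounds; lowering `p_online` or `reply_limit` shrinks what the same crawl budget uncovers, which is exactly the sensitivity a simulation framework lets one quantify before a monitoring operation is deployed against a live botnet.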