Botconf Author Listing

Max Mühlhäuser


Last known affiliation: Technische Universität Darmstadt
Bio: Prof. Dr. Max Mühlhäuser is head of the Telecooperation Lab (TK for short) at the Technical University of Darmstadt, Informatics Dept. His lab conducts research on smart ubiquitous computing environments in the Future Internet – from smart mixed-reality rooms to smart cities and smart & resilient critical infrastructures.
Date: 2022-04-27
Insights and Experiences from Monitoring Multiple P2P Botnets
Leon Böck 🗣 | Shankar Karuppayah 🗣 | Dave Levin | Max Mühlhäuser

Abstract:

To this date, P2P overlays remain a popular choice for botnet command and control. With the rise of recent IoT botnets, we aimed to monitor multiple IoT P2P botnets at the same time, to compare them against each other and traditional Windows-based P2P botnets. During this process we came across several challenges and insights in scaling and maintaining multiple monitoring operations simultaneously. In this talk we want to share our insights and introduce the Botnet Monitoring System, a tool to reduce redundancy and enable collaboration for P2P botnet monitoring.

Date: 2020-12-01
An overview of the Botnet Simulation Framework
Leon Böck 🗣 | Shankar Karuppayah | Max Mühlhäuser | Emmanouil Vasilomanolakis

Abstract:

Conducting botnet research is oftentimes limited to the analysis of active botnets. This prevents researchers from testing detection and tracking mechanisms on potential future threats. Specifically in the domain of P2P botnets, the configuration parameters, network churn and anti-tracking mechanisms greatly impact the success of monitoring operations. As developing and deploying botnets for testing is not possible at scale, this paper attempts to address this issue by introducing a simulation framework for P2P botnets. The capabilities of this framework include the simulation of P2P botnets with more than 10,000 bots, realistic churn behaviors and implementation of common P2P botnet monitoring mechanisms. Furthermore, BSF allows the possibility of the simulated traffic to be injected into arbitrary network files (i.e. PCAP) using the Intrusion Detection Dataset Toolkit (ID2T).
