Defense Against Botnet | BSF – Botnet Simulation Framework

Introduction

Botnets are now one of the serious issues we face today. They are widely used by hackers and cybercriminals to perform various types of cyberattacks. This post introduces a tool for assessing the strength of your security measures and fighting botnet attacks.

What is Botnet?

A botnet is a network of bots. What are bots? Basically, bots are internet-connected devices that are infected by malware and/or are under the control of a master. These bots can be coordinated and synchronized to work together on a common task. For example, in a DDoS attack, traffic sent to a server from multiple nodes at the same time can make the server crash if it is not configured properly. Botnets can also be used for bridging networks, credential leaks, unauthorized access and data theft.

A hacker who controls a botnet has access to hundreds of internet-connected devices, such as smartphones, IoT devices and even desktop PCs, at the same time, and can command and control these devices to carry out malicious activities.

How did these devices become bots in the first place? Hackers initially gain control over them by using inconspicuous trojans, embedded in legitimate-looking files, to get into the computer's system. Once they have bypassed the security, they can take complete control over the system and carry out malicious activities on a large scale. The bots can also be automated, so that they coordinate and attack when a simple script is run.

Defending Against BotNets

In most cases, botnet attacks can be tackled with some basic security practices. Installing good antivirus software can help you detect trojans before they get installed on your system and turn it into a zombie. Having a firewall can help you monitor and control traffic to a great extent. General awareness of phishing, email security practices and the risks of third-party software downloads can also help you and your company fight botnets to a great extent.

But what if we could study the intensity of botnet attacks and fine-tune our defence strategies? This could give the blue team the upper hand and help it prepare for various botnet attacks. That is where BSF comes in.

What is BSF?

Using BSF, you can create a simulated environment to plan, test, and execute various types of botnets and their attacks, and study the impact of a botnet on your system. This allows you to assess the strength of your current security system and plan your defense in advance.
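To make the idea of studying a botnet in simulation concrete, here is a small added example; it is not BSF code and does not come from the BSF project. It builds a constructed overlay of bots and measures how much of the botnet can still reach each other after defenders clean up a number of devices, comparing random cleanup with cleaning the best-connected devices first. The overlay model and all function names and parameters are assumptions made for illustration.

```python
import random
from collections import deque

# Added illustration, not BSF code: the overlay model below is an assumption.
def build_overlay(n_bots, peers_per_bot, seed=1):
    """Constructed overlay: every bot links to `peers_per_bot` random peers."""
    rng = random.Random(seed)
    graph = {b: set() for b in range(n_bots)}
    for bot in graph:
        others = [p for p in range(n_bots) if p != bot]
        for peer in rng.sample(others, peers_per_bot):
            graph[bot].add(peer)
            graph[peer].add(bot)  # links are treated as bidirectional
    return graph

def largest_component(graph, removed):
    """Size of the biggest group of bots that can still reach each other."""
    seen, best = set(removed), 0
    for start in graph:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            node = queue.popleft()
            size += 1
            for peer in graph[node]:
                if peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
        best = max(best, size)
    return best

def cleanup_impact(graph, n_cleaned, strategy, seed=1):
    """Fraction of the original botnet left in the largest connected group."""
    if strategy == "random":
        removed = random.Random(seed).sample(sorted(graph), n_cleaned)
    elif strategy == "most_connected":
        removed = sorted(graph, key=lambda b: (-len(graph[b]), b))[:n_cleaned]
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return largest_component(graph, removed) / len(graph)

if __name__ == "__main__":
    overlay = build_overlay(n_bots=200, peers_per_bot=2)
    for cleaned in (0, 40, 80, 120):
        r = cleanup_impact(overlay, cleaned, "random")
        t = cleanup_impact(overlay, cleaned, "most_connected")
        print(f"cleaned={cleaned:3d}  random={r:.2f}  most_connected={t:.2f}")
```

Running the file prints one line per cleanup level, so the two cleanup strategies can be compared side by side.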

Setup BSF

The first step in installing BSF is to set up OMNeT++. OMNeT++ provides a component architecture for models. The components, or modules, are programmed in C++ and then assembled into larger components and models using a high-level language (NED). Reusability of models comes for free.

Then we will set up the visualization components. To visualize the botnet simulations, the following Python packages are required:

  • pip install dash==1.2.0
  • pip install dash-daq==0.1.0
  • pip install networkx

Running BSF Simulation

You can run the simulation from the IDE or from the CLI. For beginners who are getting started, the IDE would be the best choice.

To run a simulation within the IDE, you need to set up a run configuration. For this, right-click the *.ini file and select Run As -> Run Configurations. Next, set up your configuration file as shown in the image below:

[Image: run configuration in the IDE]

Now simply hit Apply and then Run. The output of the simulation will appear in the IDE console.

Learn more about configuration from here.

Visualizing

Once the simulation has finished running, the app uses the log files and graphs to create a user-friendly visualization, which can be viewed in any web browser.

To visualize, go to the visualization folder and run app.py. Once it starts running, you can open a web browser and go to http://127.0.0.1:8050/. You will see something like this.

[Image: visualization of the simulation in the browser]

For more details, check https://github.com/tklab-tud/BSF.