National_Catalogues: Using Covert Means to Establish Cybercraft Command and Control

Title: Using Covert Means to Establish Cybercraft Command and Control
Identifier: ADA500658
STOAbstractExternal: The Air Force Research Laboratory (AFRL) Information Directorate (RI) is researching a next generation network defense architecture, called Cybercraft, that will provide automated and trusted cyber defense capabilities for AF network assets. In this research, we consider the issues of how to protect or obfuscate command and control aspects of the system. In particular, we present a methodology to hide aspects of Cybercraft platform initialization in the context of the formation of hierarchical, peer-to-peer groups that collectively form the Cybercraft network. This research will subject Bothunter to a series of tests to validate these claims. We use a leading bot detection utility, Bothunter, and an ARP validation tool, XArp, to build a case for the effectiveness of our approach. We present three scenarios that correlate to how we believe Cybercraft platforms will be integrated in the future and consider stealthiness in terms of these representative tools.

STOAuthorExternal: AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT; Sevy, Bradley D.
STOClassificationExternal: N
STOKeywordsExternal: CYBERCRAFT, MALWARE, BOTNET, BOTNET DETECTION
STOPublisher: USA
Language: English
STOReportSource: http://www.dtic.mil/docs/citations/ADA500658
Published: 3/1/2009

Created at 11/9/2016 3:26 PM by System Account
Last modified at 11/9/2016 3:26 PM by System Account