Botnet Defense System: Observability, Controllability, and Basic Command and Control Strategy.

This paper deals with the observability, controllability, and command and control strategy in the Botnet Defense System (BDS) that disinfects malicious botnets with white-hat botnets. The BDS defends an IoT system built over the Internet. The Internet is characterized by openness, but not all nodes are observable and controllable. We incorporated the concept of observability and controllability into the BDS design and theoretically clarified that the BDS can enhance its observability and controllability by utilizing its white-hat botnets. In addition, we proposed a Withdrawal strategy as a basic strategy to command and control white-hat botnets. Then, we modeled the BDS, adopted the Withdrawal strategy with agent-oriented Petri net PN and confirmed the effect through the simulation of the model. The result shows that even if considering observability and controllability, the BDS wiped out the malicious bots and reduced the white-hat bots to less than 1% as long as the white-hat worms were sufficiently infectious.