Integrating botnet simulations with network centric warfare simulations

2010 
"Botnets," or "bot armies," are large groups of remotely controlled malicious software designed and operated in order to conduct attacks against government and civilian targets. Bot armies are one of the most serious security threats to networks and computer systems in operation today. Botnets are remotely operated by botmasters who can launch large-scale malicious network activity. While bot army activity has, to date, been largely limited to fraud, blackmail, and other criminal activity, their potential for causing large-scale damage to the entire internet and launching large-scale, coordinated attacks on government computers, networks, and data gathering operations has been underestimated. This paper will not discuss how to build bots but instead discuss ways to use simulation to address the threats they pose. This paper suggests means for addressing the need to provide botnet defense training based upon existing simulation environments and discusses the capabilities needed for training systems for botnet activities. In this paper we discuss botnet technologies and review the capabilities that underlie this threat to network, information, and computer security. The second section of the paper contains background information about bot armies and their foundational technologies. The third section contains a discussion of the techniques we developed for estimating botnet bandwidth consumption and our approach for simulating botnet activities. The fourth section contains a summary and suggestions for additional research.