Doctor of Philosophy
Analytical Lifecycle Modeling and Threat Analysis of Botnets
Abstract: Botnet, which is an overlay network of compromised computers built by cybercriminals known as botmasters, is the new phenomenon that has caused deep concerns to the security professionals responsible for governmental, academic, and private sector networks. Botmasters use a plethora of methods to infect network-accessible devices (nodes). The initial malware residing on these nodes then either connects to a central Command & Control (C&C) server or joins a Peer-to-Peer (P2P) botnet. At this point, the nodes can receive the commands of the botmaster and proceed to engage in illicit activities such as Distributed Denial-of-Service (DDoS) attacks and massive e-mail spam campaigns.
Being able to reliably estimate the size of a botnet is an important task which allows the adequate deployment of mitigation strategies against the botnet. In this thesis, we develop analytical models that capture the botnet expansion and size evolution behaviors in sufficient details so as to accomplish this crucial estimation/analysis task. We develop four Continuous-Time Markov Chain (CTMC) botnet models: the first two, SComI and SComF, allow the prediction of initial unhindered botnet expansion in the case of infinite and finite population sizes, respectively. The third model, the SIC model, is a botnet lifecycle model which accounts for all important node stages and allows botnet size estimates as well as evaluation of botnet mitigation strategies such as disinfections of nodes and attacks on botnet’s C&C mechanism. Finally, the fourth model, the SIC-P2P model, is an extension of the SIC model suitable for P2P botnets, allowing fine-grained analysis of mitigation strategies such as index poisoning and sybil attack.
As the convergence of Internet and traditional telecommunication services is underway, the threat of botnets is looming over essential basic communication services. As the last contribution presented in this thesis, we analyze the threat of botnets in the 4G cellular wireless networks. We identify the vulnerability of the air interface, i.e. the Long Term Evolution (LTE), which allows a successful botnet-launched DDoS attack against it. Through simulation using an LTE simulator, we determine the number of botnet nodes per cell that can significantly degrade the service availability of such cellular networks.
Date Completed: April 2013
Master of Science
Study and Implementation of IEEE 802.11 Physical Layer Model in YANS (Future NS-3) Network Simulator
Due to known difficulties of researchers in the networking domain regarding experimentation of their ideas in actual networks, network simulators have become indispensable tools for investigating and validating various ideas in all layers of the network. However, most of the wireless network researchers are not completely familiar with the implications of the assumptions they make for the physical layer in their scenarios. For the sake of building the case for a good simulator, it will be demonstrated that unknown assumptions might lead to wrong conclusions about the performance of the protocols under examination.
Having a feature-rich IEEE 802.11 Physical and MAC in a network simulator, which has more chance to be a realistic model, is of paramount interest to both Digital Communications researchers and Networking researchers. This thesis is an effort to study, design and implement a near-realistic IEEE 802.11a physical layer model, with all the phenomena associated with this layer.
YANS network simulator, a product of INRIA-Planète group and father of the future NS-3 network simulator, is the simulator whose Physical layer is the basis of this thesis work. The implementation choices have been made based on the original architecture and with the intention of causing as little disturbance as possible to the original mechanics of the simulator.
As the principle objective, this thesis examines what it takes to have a feature-rich physical layer model, and then as the secondary goal, how these concepts could be implemented in the network simulator. Not all the explored concepts are part of the IEEE 802.11a standard, like the propagation models; nonetheless, they play a key role in having a realistic, and working, implementation.
We present the related concepts and implementation choices, where applicable, in a step-by-step approach within this thesis. Different propagation models, i.e., large-scale path loss models and fading, bit error rate calculation formulas depending on the type of modulation used and the specific channel type under examination, forward error correction mechanism employed in IEEE 802.11a and related issues, influence of Viterbi decoder on the bit error rate and, finally, bit error distribution models are the major issues elaborated in this work.
As a future work, it is envisaged to validate the results of IEEE 802.11 simulations with experiments done in ORBIT and/or Emulab testbeds. The intention of this work would be measurement-based validation of our models, by finding a set of physical layer configurations, based on which, a strong correlation between simulation and experimentation could be achieved.
Please Click Here to download my MSc thesis in PDF format.
Please Click Here to download the presentation file in PDF format.
Here is an interim Report of my MSc thesis, with a focus on implementation issues, from early November 2006.
Date Completed: January 2007
Bachelor of Science
Analysis of Real-time Fax over IP (FoIP) Using Simulation
It’s been some time now that expressions like “Voice over IP”, “Fax over IP” and the likes are heard extensively in the telecommunications industry. The idea is utilizing data networks to deliver telecommunications services which are currently provided by the PSTN. The incentive is pretty straightforward: cutting costs and yet being able to provide the previous services, not to mention the added capabilities to deliver a multitude of other services, hardly imagined feasible with the PSTN.
When considering the implementation of the aforementioned objective, one faces a lot of difficulties. Simply put, the current data networks, e.g. the Internet, have not been designed with telecommunications services in mind. They have been optimized to carry data which is bursty in nature. This design is in obvious contradiction to the requirements of the telecommunications services, one of which is fax. In this thesis, Fax over Internet protocol (FoIP) is being considered which has two possible approaches to be accomplished: Real-time and Store-and-Forward. Real-time approach is the ultimate goal since it is the real-time faxing which makes the transition from the PSTN to the Internet-based architecture smooth.
Signaling comprises initiation, management and tear-down of sessions examples of which are fax, voice, video and the like. Currently there are two protocols that can provide an end-to-end solution: H.323 and Session Initiation Protocol (SIP). SIP is the protocol of choice among other standards in the voice and fax transmission domains due to its numerous advantages.
In this thesis, we intend to closely examine some aspects of the new architecture and its implementation feasibility. Different components of the real-time Fax over IP architecture are analyzed and we pay a particular attention to the signaling part. Utilization of SIP and SDP, a companion protocol to SIP for capabilities exchange, in fax transmission is studied.
What we intend to do is exploring whether fax parameters details can be negotiated using SIP/SDP. Session establishment, starting a sample file transfer, which can act on behalf of real-time fax transfer, and the subsequent session tear-down, after file transfer is complete, are demonstrated. This simulation scenario and its results exhibit the potential success of the proposed SIP/SDP combination for real-time fax session establishment, management and tear-down.
Another important analysis carried out in this thesis is the utilization of SIP contact header for reducing the load on proxy servers which is a highly desirable feature.
Please Click Here to download my BSc thesis in PDF format.
Date Completed: September 2004
- Masood Khosroshahy, Mustafa K. Mehmet Ali and Dongyu Qiu (2012), “The SIC Botnet Lifecycle Model: A Step Beyond Traditional Epidemiological Models”, Computer Networks (Elsevier), Special Issue on Botnet Activity: Analysis, Detection and Shutdown, Volume 57, Issue 2, pp. 404–421, DOI: 10.1016/j.comnet.2012.07.020 (preprint)
- Masood Khosroshahy (2011), “UARA in Edge Routers: An Effective Approach to User Fairness and Traffic Shaping”, International Journal of Communication Systems (Wiley), 25: 169–184. DOI: 10.1002/dac.1262 (preprint, project page)
- Masood Khosroshahy, Dongyu Qiu and Mustafa K. Mehmet Ali (2013), “Botnets in 4G Cellular Networks: Platforms to Launch DDoS Attacks Against the Air Interface”, 2013 International Conference on Selected Topics in Mobile and Wireless Networking (MoWNeT), 19-21 August 2013, Montréal, Canada, DOI: 10.1109/MoWNet.2013.6613793 (presentation, preprint)
- Masood Khosroshahy, Mustafa K. Mehmet Ali and Dongyu Qiu (2012), “SComF and SComI Botnet Models: The Cases of Initial Unhindered Botnet Expansion”, 25th Annual Canadian Conference on Electrical and Computer Engineering (CCECE12), April 29-May 2, 2012, Montréal, Canada, DOI: 10.1109/CCECE.2012.6334871 (preprint)
- Masood Khosroshahy, Bahman Abolhassani and David E. Dodds (2005), “Utilizing DiffServ and SIP Contact Header for Real-time Fax Traffic Engineering”, 18th Annual Canadian Conference on Electrical and Computer Engineering, CCECE05, May 1-4, 2005, Saskatoon, Saskatchewan, Canada (DOI: 10.1109/CCECE.2005.1557247, preprint, more info)
- Abbas Ali Lotfi Neyestanak, Farrokh Hojjat Kashani and Masood Khosroshahy (2004), “Analysis and Optimization of a New Ultra Wide Band Antenna for Wireless Communication”, EUROEM 2004, Euro Electromagnetics, 12-16 July 2004, Magdeburg, Germany (more info)
- Abbas Ali Lotfi Neyestanak, Ali Homaii, Masood Khosroshahy and Mohammad Mirhosaini (2004), “Design and Optimization of a New Power Monitor with Small Size”, 8th WSEAS International Conference on Communications, 12-15 July 2004, Vouliagmeni, Athens, Greece (more info)
- Abbas Ali Lotfi Neyestanak, Farrokh Hojjat Kashani and Masood Khosroshahy (2004), “A New Optimization Approach in the Design of E-Shaped Patch Antenna”, 5th WSEAS International Conference on Applied Mathematics, 21-23 April 2004, Miami, Florida, USA and in WSEAS Transactions on Mathematics, issue 1, Volume 3, January 2004 (more info)
- Masood Khosroshahy, “Peer-to-Peer traffic,” Tech. Rep., Aug. 2009.
- Masood Khosroshahy, “BitTorrent,” Tech. Rep., Jul. 2009.
- Masood Khosroshahy, “Congestion avoidance and control,” Tech. Rep., Jun. 2009.
- Masood Khosroshahy, “IEEE 802.11 and propagation modeling: A survey and a practical design approach,” Tech. Rep., Jul. 2007.