SLINGbot: A System for Live Investigation of Next Generation Botnets

Abstract

There is an urgent need for a pro-active approach to botnet detection and mitigation that will enable computer network defenders to characterize emerging and future botnet threats and design effective defense techniques before these threats materialize. To this end, we have developed a System for Live Investigation of Next Generation bots (SLINGbot). SLINGbot is an extensible, composable bot framework that enables researchers to construct benign bots for the purposes of generating and characterizing botnet Command and Control (C2) traffic. This enables researchers to simulate current and potential future botnet traffic, characterize it, and design effective defense techniques. In this paper, we describe the SLINGbot system and how it can be used for the pro-active development of botnet defenses.