Using Covert Means to Establish Cybercraft Command and Control

Abstract

The Air Force Research Laboratory (AFRL) Information Directorate (RI) is researching a next-generation network defense architecture, called Cybercraft, that will provide automated and trusted cyber defense capabilities for AF network assets. In this research, we consider the issues of how to protect or obfuscate command and control aspects of the system. In particular, we present a methodology to hide aspects of Cybercraft platform initialization in the context of the formation of hierarchical, peer-to-peer groups that collectively form the Cybercraft network. This research will subject Bothunter to a series of tests to validate these claims. We use a leading bot detection utility, Bothunter, and an ARP validation tool, XArp, to build a case for the effectiveness of our approach. We present three scenarios that correlate to how we believe Cybercraft platforms will be integrated in the future and consider stealthiness in terms of these representative tools.

Document Details

Document Type: Technical Report
Publication Date: Mar 01, 2009
Accession Number: ADA500658

Entities

People

  • Bradley D. Sevy

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • C4I
  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Aircrafts
  • Command And Control
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Detectors
  • Electronic Mail
  • Information Operations
  • Information Systems
  • Intrusion Detectors
  • Malware
  • Network Protocols
  • Operating Systems
  • Transport Protocols
  • Unmanned Aerial Vehicles

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Distributed Systems and Data Platform Development
  • Linear Algebra

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control