Loading [MathJax]/extensions/MathZoom.js
D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Transactions on Dependab... >Volume: 21 Issue: 4

D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network

PDF
Ahmet Kurt; Enes Erdin; Kemal Akkaya; Selcuk Uluagac; Mumin Cebe
All Authors

Abstract:

While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the ...Show More

Metadata

Abstract:

While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this article, we first propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. Exploiting various anonymity features of LN, we show the feasibility of a scalable two-layer botnet which completely anonymizes the identity of the botmaster. In the first layer, the botmaster anonymously sends the commands to the command and control (C&C) servers through regular LN payments. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multi-hop LN payments, where the commands are either encoded with the payments or attached to the payments to provide covert communications. In the second layer, C&C servers further relay those commands to the bots in their mini-botnets to launch any type of attacks to victim machines. We further improve on this design by introducing D-LNBot; a distributed version of LNBot that generates its C&C servers by infecting users on the Internet and forms the C&C connections by opening channels to the existing nodes on LN. In contrary to the LNBot, the whole botnet formation phase is distributed and the botmaster is never involved in the process. By utilizing Bitcoin's Testnet and the new message attachment feature of LN, we show that D-LNBot can be run for free and commands are propagated faster to all the C&C servers compared to LNBot. We presented proof-of-concept implementations for both LNBot and D-LNBot on the actual LN and extensively analyzed their delay and cost performance. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot and D-LNBot activities and minimize their impacts.
Published in: IEEE Transactions on Dependable and Secure Computing ( Volume: 21, Issue: 4, July-Aug. 2024)
Page(s): 2162 - 2180
Date of Publication: 01 August 2023

ISSN Information:

DOI: 10.1109/TDSC.2023.3300738

Funding Agency:

Citations are not available for this document.
Contents

I. Introduction

Botnets are networks of computing devices infected with malicious software that is under the control of an attacker, known as bot herder or botmaster [2]. The owner of the botnet controls the bots (i.e., devices that become part of the botnet) through command and control (C&C) server(s) which can communicate with the bots using a C&C channel and can launch various attacks through these bots, including, but not limited to, denial of service (DoS) attacks, information and identity theft, sending spam messages, and other activities. Naturally, a botmaster's goal is to make it difficult for law enforcement to detect and prevent malicious operations. Therefore, establishing a secure C&C infrastructure and hiding the identities of the C&C servers play a key role in the long-lasting operation of botnets.

Cites in Papers - |

Cites in Papers - IEEE (1)

Select All
1.
Muhammad Aidiel Rachman Putra, Tohari Ahmad, Dandy Pramana Hostiadi, Royyana Muslim Ijtihadie, "Ensemble Network Graph-Based Classification for Botnet Detection Using Adaptive Weighting and Feature Extraction", IEEE Access, vol.13, pp.31183-31204, 2025.
Show Article
Google Scholar

Cites in Papers - Other Publishers (1)

1.
Mehdi Asadi, Mohammad Ali Jabraeil Jamali, Arash Heidari, Nima Jafari Navimipour, "Botnets Unveiled: A Comprehensive Survey on Evolving Threats and Defense Strategies", Transactions on Emerging Telecommunications Technologies, vol.35, no.11, 2024.
CrossRef Google Scholar
Contact IEEE to Subscribe
More Like This
DDoS Botnet Prevention using Blockchain in Software Defined Internet of Things

2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST)

Published: 2019

ChainChannels: Private Botnet Communication Over Public Blockchains

2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)

Published: 2018

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.