Designing effective and stealthy botnets for cyber espionage and interdiction --- Finding the cyber high ground

Posted on: 2015-09-22
Degree: Ph.D
Type: Dissertation
University: Dartmouth College
Candidate: Sweeney, Patrick John
Full Text: PDF
GTID: 1476390017993753
Subject: Computer Engineering
Abstract/Summary:
Botnets are Internet-connected computing devices controlled by a single botmaster, and present a great threat to Internet security by undermining legitimate computing. The term is often associated with criminal activities on a massive scale, but botnets may be designed for subtle espionage and interdiction missions in cyberspace as well.

We propose a set of mission effectiveness and stealth objectives that are derived from knowledge of the target network topology. Through application of these objectives the botmaster can quantify how suitable a botnet is for a particular mission. Advancing the effectiveness and stealth measures one step further, we provide a botnet design engine that enhances the capability to identify the cyber high ground: the set of systems that, if controlled by the botmaster, yield the highest probability of mission success. This cyber high ground is mission dependent and therefore differs for the attacker and defender.

Results show that botnets can be designed via optimization to be extremely effective while remaining very small and, contrary to intuition, a botnet's size need not impact its stealth posture. In fact, an increased size may provide the botnet improved stealth, as it can more effectively avoid detectors.

Five use cases are explored through simulation to show the benefits of optimizing botnet design. These range from attacking a simple client-server architecture to a more complex architecture of interconnected network enclaves. In each case, the optimized technique we introduce outperforms contemporary design techniques by providing an equally effective botnet that is smaller and/or more stealthy.

An analysis from the defender's perspective is also provided. We show that there is little the defender can do to prevent the attacker from achieving their objectives with a high level of success. The defender's most effective strategy is to deny information about the network, targets, and defenses to the adversary: a lofty objective that is at least as difficult to achieve in cyberspace as it is in kinetic warfare.
Keywords/Search Tags: Botnet, Cyber, Effective, Stealth