A Revised Ant Colony Optimization Scheme for Discovering Attack Paths of Botnet

IP trace back technique is an effective method to find either the attack origin or command-and-control (C&C) server on the Internet. The traditional ACO (ant colony optimization) constantly converged to a local minimum solution easily such that the global most portable of the final solution might be missed. Accordingly, the present study proposes a modified ACS (ant colony system) scheme designated as ACS-IPTBK to solve the IP trace back problem, predict both the most probable attack path and the computational resources needed in botnets. The ability of the ants to search all feasible attack paths is enhanced by means of a global heuristics. A series of ns2 simulations are performed to investigate the minimum resources required to successfully reconstruct the attack path. The convergence time for attack paths of different routing distances were investigated using a random graph generator based on Waxman's scheme. Overall, the results confirm that the proposed method provides an effective means of reconstructing the path between the attacker and the victim based on the incomplete routing information from the related ISPs.