ANALYSIS AND COMPARISON OF THE CHARACTERISTICS OF HIGH PERFORMANCE SYSTEMS AND BOTNETS

MARIA JOSE ERQUIAGA

MARIA JOSE ERQUIAGA

Master Thesis

The goal of this master's thesis is to study botnets as HPC systems to demonstrate that they can resolve similar problems.

To achieve this objective, the characteristics of a traditional HPC system and those of a botnet will be measured to compare them. 

To perform the comparative analysis of the thesis, the study of a botnet called Geost that was discovered in the Stratosphere laboratory will be carried out. This botnet was discovered when another botnet called Htbot, that provides proxy services, was being analyzed. The discovery came up because the Geost botmasters were using the Htbot as proxy service. Through the analysis of network traffic and the Threat intelligence process, it was possible to discover the servers (domains and IPs) used by this botnet. Simultaneously, the Android applications used to distribute the botnet (APKs) were found. Geost spreads through fake APKs (Android Application Package), which are installed by their victims. By installing these APKs, attackers capture data from victims' bank accounts. Geost will be used as a main example botnet to analyze its HPC characteristics compared to other systems.

By studying the characteristics of HPC in botnets, it is intended, to measure the performance of botnets as high-performance systems and to study what characteristics can be obtained from a botnet through the Threat Intelligence process and reverse engineering of malicious applications.