Article
Peer-Review Record

BlockchainBot: A Novel Botnet Infrastructure Enhanced by Blockchain Technology and IoT

Electronics 2022, 11(7), 1065; https://doi.org/10.3390/electronics11071065
by Haoyu Gao 1,2, Leixiao Li 1,2,*, Xiangyang Chang 3, Jianxiong Wan 1,2, Jie Li 1,2, Jinze Du 1,2 and Xiaoxu Zhang 1
Reviewer 1: Anonymous
Reviewer 3:
Submission received: 13 February 2022 / Revised: 16 March 2022 / Accepted: 22 March 2022 / Published: 28 March 2022

Round 1

Reviewer 1 Report

The general approach makes many apparent assumptions that are too broad and not focused on the technical issues, but rather associated with value judgments. It would be far better to avoid value judgments and focus on facts. Also, the asserted goal is to improve the efficacy of an attacker managing resources used for attack. It is at best questionable whether this objective is one to be supported by the journal. If characterized in terms of technical issues in attack and defense, this would be a far better paper and more relevant to the scientific purpose of the journal.

The author seems to only reference fairly recent papers, but this field started far earlier, and references to earlier work would aid in the understanding of the issues (and if the authors reviewed older papers they might learn about the broader range of issues for context in their writing).

The authors anthropomorphize extensively and inappropriately. It is the authors of this software that undertake many of these activities, not the software itself. This is an important distinction because there are variations that may not involve control or may be self-written or otherwise out of control of the original authors.

The term forensics is bandied about without clarity of definition or appropriate application. What specifically is the function being deprecated and what is the basis for the asserted deprecation?

The claim of Table 2 regarding "all hacking scenarios" is dubious. Perhaps they have not identified some scenarios under which their methodology would be defeated?

The cost analysis related to public coins seems relatively useless. There is no particular benefit to the use of a public blockchain system in the identified article, and indeed it is questionable why a blockchain is preferable to a lower overhead approach. What is the actual advantage of a blockchain in this case? There are also many voting schemes that might work better for resiliency while maintaining control. Also, the cost issue is important to understanding how such a network may be defeated or taken over by those with more resources. Finally, many botnets are used for bitcoin and other crypto-currency mining. As such the botnet may pay for its own costs and in fact increase its value over time. It might actually be profitable to operate the botnet, which on its own could become wealthy by the individual bots and their ownership through creation of crypto currency it uses to communicate.

The Merkle tree approach is seemingly reasonable, but its scalability is unclear as presented.

The use of urandom seems problematic as a basis for security of systems. These are pseudo-random numbers and may be vulnerable to a wide range of attack methodologies. It may serve as an example only.

The "security analysis" seems very limited and makes unstated assumptions that are not apparent. The stated assumptions are not justified as the basis for a comprehensive analysis.

The summary information on prior technologies is worthwhile and I would suggest submitting a paper covering the field as a survey paper with a possible suggestion about a future path, or alternatively, a paper focused on the technologies writ large and the apparent tradeoffs. As written, this paper is problematic in these and many other ways.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

In this paper, the authors proposed BlockchainBot in which a botnet underlying overlay leverages IoT devices to be maintainers and integrated with Distributed Ledger Technology, which is able to deploy bots fully on blockchain. The proposal has the following advantages: resistance against single point of failure, strong resilience against DDoS attacks and forensics, low latency of communication, nearly zero overhead cost, etc.

Blockchain has been one of the hot research topics in recent years, and it allows transactions to be performed in a decentralized manner. It is currently being applied in various fields, such as reputation systems, the internet of things (IoT) and financial services.

Therefore, the topic is interesting, and it fits into the content of the journal.

 

However, I have some objections to the acceptance of the paper in its current form. It needs to be revised.

1) A MAM channel has three privileges:(1) public mode (2) private mode (3) restricted mode

Why do you define them as "privileges"?

 

2) "Algorithm 1: Full Node Enumeration and Publishing" should be checked again. There are some vague points.

publickKey: The public key of Botmaster;  -- ??

What is the difference between "fullNode" and "fullNodes[]"?

"mark ← mark + neighborAddress[].size;" Where do you use "mark"?

How can this be possible in arrays ("neighborAddress[]←neighborAddress[]+j.getNeighbors()")?

3) "Algorithm 2: Random Full Node Connection" its content resembles the use of pseudocode, not an algorithm. Please convert it to an algorithmic language.

 

4) Please check "Figure 14. mamState object and its constituents."

There is no mamState object here.

What do these links mean? (For each connection) it should be drawn in a more expressive way.

 

5) "listed in table Ⅲ, and the rows within table 3 is" Why two different representations for the table (III or 3)?

 

6)  "Table 3. Full nodes enumerated by algorithm1.".

What is the significance of this table in the performance analysis?

Why don't you convert this "Node3.itrocks-latus.de" type of address into an IP-address?

 

7) "Table 4. Transaction details for performance comparison." has no meaning for the comparison.

Could you please make it clearer?

What metric are you comparing in this case?

Do we need to see the "Sender Address, Receipt Address and Transaction Hash" to make a comparison?

 

8) "Figure 16. The cost of message transmitting comparison between our proposal and Bitcoin.

Figure 17. The cost of message transmission comparison between our proposal and Ethereum."

It would be better to show the result as a single table.

Additionally, could you please give more details about how you measure these values?

 

9) "We make two assumptions about the constraints of abilities that the adversary has:"

However, in the ongoing part, there are 3 assumptions!!

 

10) "Figure 21. the pattern of θi, the horizontal axle is w and the vertical axle is θ."

There are no units here.

What do axis and ordinates mean?

The same thing is valid for "Figure 22. The rate of change of P(A), the horizontal axle is n and k=30, l=10 and the perpendicular axle is the possibility."

 

11) The authors should check the recent literature.

As seen from the references, there is no reference from 2021 and only one reference from 2020.

 

12) Additionally, the authors said that "There is an early and short version of the paper that has been accepted by IEEE 2021 878 International Conference on HPCC/DSS/SmartCity/DependSys/GPC/DIKW."

That can be accessed from "http://www.ieee-hpcc.org/2021/"

1570764158

A Privacy-Aware Cross-Domain Device Authentication Scheme for IIoT Based on Blockchain

Boyuan Gao; Hairong Yan; Rui Tian

 

However, they did not cite this paper in their reference list.

And, they did not show the difference between the current proposal and the previous one.

Otherwise, this may result in some ethical problems.

 

13) There are too many English mistakes.

Could you please check the whole paper again?

I have listed some of them as follows.

that the blockchain-based botnet design suffers.-- that the blockchain-based botnet design suffers from

Experiments’ results authenticates that-- Experiments’ results authenticate that.

so that once the C&C server got destroyed,-- so that once the C&C server gets destroyed

most of the Botnets today shifts to these structures-- most of the Botnets today shift to these structures

Imaging that the pervasive IoT devices dispersed--??

Thus, the ownership for C&C channel-- Thus, the ownership of the C&C channel

C&C channel the very lifeline of existing.-- ??

 a so called “Botnet” emerge.--?

they per se can be underlying fundamental infrastructure of Botnet--?

namely the seed server, of which the IP address is hardcoded in codes,-- namely the seed server, whose IP address is hardcoded in codes,

Once the seed locked down,-- Once the seed is locked down,

designate bots would be unable to join-- designate bots will be unable to join

Botnet is not potent enough confronting these adversaries-- Botnet is not potent enough to confront these adversaries

 

as all sort of crypto currencies are famous-- as all sorts of crypto currencies are famous

Assume n=500, x=60k byes,-??

are famous of the anonymity-- are famous for the anonymity

One of its drawback is that to transfer commands and other-- One of its drawbacks is that transferring commands and other

resulting the identity of the botmaster in real world hazardous of being exposed.--??

we proceed the experiments,-- we proceed with the experiments,

a single transaction is able to contain at most bytes data.--??

the advantages of leveraging IOTA’s Tangle to be our botnet’s underlying infrastructure is discussed-- the advantages of leveraging IOTA’s Tangle to be our botnet’s underlying infrastructure are discussed

whose legitimacy have been confirmed by the Tangle.-- whose legitimacy has been confirmed by the Tangle.

MAM transactions with the SMF components which stores the MAM payload-- MAM transactions with the SMF components which store the MAM payload

and the max size of SMF part is-- and the maximum size of SMF part is

o many deferent addresses--??

In a MAM stream the message is encrypt (masked)-- In a MAM stream, the message is encrypted(masked)

and gather intelligence of the identity of Botmaster-- and gather intelligence on the identity of Botmaster

Although the mode of the three channels are different,-- Although the modes of the three channels are different,

our novel method eliminates this bottleneck and prove that the size-- our novel method eliminates this bottleneck and proves that the size

it first gets the list of full nodes enumerated by the Botmaster and select one randomly from the list—it first gets the list of full nodes enumerated by the Botmaster and selects one randomly from the list

never connect before-- never connected before

As algorithm shown,-- As algorithm shows,

some full nodes are took down-- some full nodes are token down

if the Botmaster suspect a-- if the Botmaster suspects a

where there alredy exists-- where there already exists

the old message is accessable-- the old message is accessible

After published the three full nodes’-- After publishing the three full nodes’

a secure implementaion of hash function-- a secure implementation of hash function

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

The research work is interesting. Some of the important points that need to be addressed are as follows.

In abstract

"So as to overcome these weaknesses, we propose BlockchainBot, a Botnet underlying overlay leveraging IoT devices to be maintainers and integrated with Distributed Ledger Technology (DLT), which is able to deploy bots fully on blockchain.", "And it is versatile for file transfer, data feedback and other command and control scenarios that many contemporaries are impotent to cope with.", "as well as low latency of communication and nearly zero overhead of cost that other comparatives unable to attain are achieved."

sentences are long and confusing.

Our proposal >>> to >>> This paper propose / We propose a, to make your contribution more clear.

Rewrite by using respective and meaningful words "invention of computer hit on the ground,"

 "Botmaster has his own discretion to choose which full node he wants to link to," please use 'it', for robots not he/she/his/her.

Authors should go through the manuscript to remove confusing statements and typos.

The research paper needs extensive proofreading, especially on the language side, better by the editing service providers.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

 

Point 1: The general approach makes many apparent assumptions that are too broad and not focused on the technical issues, but rather associated with value judgments. It would be far better to avoid value judgments and focus on facts. Also, the asserted goal is to improve the efficacy of an attacker managing resources used for attack. It is at best questionable whether this objective is one to be supported by the journal. If characterized in terms of technical issues in attack and defense, this would be a far better paper and more relevant to the scientific purpose of the journal.

Response 1: The reason why we provide some description of value judgement is that we conclude that the traditional Botnet is not comparative to the Blockchain Enhanced Botnet. Therefore, we highlight the advantages of Blockchain Enhanced Botnet. In the Introduction and Literature review sections, we discuss this issue in the survey paper style. This may be the reason that the reviewer feels that our paper focused on ‘value judgement’ and ‘broad assumptions’. Combined with the opinions in (O 10 ), we decide to write a survey paper in our future works. Understanding the motivation and technology used by attackers can help the system operators to construct effective countermeasures. In addition, Section 7 discusses this issue in more detail.


"the traditional Botnet is not comparative to the Blockchain Enhanced Botnet." A self-refuting statement. They are inherently comparable by the claim that they are different species within the genus. I reiterate that the technical issues should be the focus, not attacker assistance.

Point 3: The authors anthropomorphize extensively and inappropriately. It is the authors of this software that undertake many of these activities, not the software itself. This is an important distinction because there are variations that may not involve control or may be self-written or otherwise out of control of the original authors.

Response 3: Thank you for the useful comment. We highly agree that it is important to distinguish the software and its user. And anthropomorphism should be avoided in scientific research. However, in our paper the Botmaster is the user or author rather than the software, to make the attack. And the defender (police in real world) is a person (or a group of people) as well. Thus, the attacker and defender are all human, so, anthropomorphism is needed. Some earlier works of the botnet area use anthropomorphism too, for example: In the beginning of section 5.2, page 5 of "An Advanced Hybrid Peer-to-Peer Botnet," in IEEE Transactions on Dependable and Secure Computing, doi: 10.1109/TDSC.2008.35. “A botmaster not only wants to know a botnet size and topology, she may also want to know other information in order to conduct efficient attacks”. The authors take the botmaster as a woman. And they use anthropomorphism in their whole paper. And many other papers standing at the view of attackers uses anthropomorphism. The anthropomorphism can be prevalently found in works from the cybersecurity community. So, we followed this tradition in our paper.


"the Botmaster is the user or author rather than the software, to make the attack. " Which one? The user or the author? Different roles/parties do different things and should be differentiated.

"And the defender (police in real world) is a person (or a group of people) as well" Police are rarely the "defender"s in the context of botnets. That is not their role.

"Thus, the attacker and defender are all human, so, anthropomorphism is needed." Conclusion not valid based on the basis asserted. 1) Humans do not imply anthropomorphism of mechanism is required

"...And many other papers standing at the view of attackers uses anthropomorphism. ..." So if others are sloppy, we should excuse you for being so? Let's not.

Point 4: The term forensics is bandied about without clarity of definition or appropriate application. What specifically is the function being deprecated and what is the basis for the asserted deprecation?

Response 4: Thanks for pointing out the fact that we did not make the definition of forensic clearly. Digital Forensics has emerged as a promising tool for forensic investigators. Usually, forensic investigators analyze communication records to infer the relationships among criminal suspects. In brief, digital evidence is permanently stored on most of the public blockchains. This may lead to the risk of Botmaster being tracked by the adversary. IOTA does not store data permanently, thus making it a better place than other public blockchains for communication between Botmaster and bots. We added more detail of forensics in section 2. And the reason why deprecated some other public blockchain is also added in section 2.


"Digital Forensics has emerged as a promising tool for forensic investigators." - Backwards I think... Forensic investigators must (always) use tools to deal with the trace evidence associated with (modern) digital systems.

"In brief, digital evidence is permanently stored on most of the public blockchains." - It can be, but seems to demonstrate lack of understanding of digital forensics as a field. -- The author should move away from opining on issues they are not expert on.

"This may lead to the risk of Botmaster being tracked by the adversary" - Again, imprecise use of terminology, and the term "risk" in this context is likely misused.

"IOTA does not store data permanently, thus making it a better place than other public blockchains for communication between Botmaster and bots." - Where is the demonstrable proof of this? Or is this just another unproven claim?

Response 6: In the public blockchain, the cost of transferring data is measured by crypto-currency, e.g., Bitcoin/Ethereum and then transformed to dollars. The attack is hardly successful if the cost is expensive. Thus, the cost shall be an important metric for botnet construction. The actual advantages of a blockchain for constructing botnets are that:

• Anonymity: The design of blockchains intends to provide a degree of anonymity (most often pseudonymity) to its users.
• Robustness: The design of (public) blockchains provides censorship-resistance, i.e. it is robust in the sense that it is resistant to blocking.
• Enumeration Resistance: Bots retrieving commands from the blockchain are hidden among all other legitimate users.
• Stealthiness: Due to the growing popularity of blockchains it is unsuspicious to interact with blockchain networks.
• Simplicity: Due to the large community and open source tools, taking part in a blockchain P2P network is simpler than setting up a custom P2P protocol.


If you would put it in the paper this way it would be an improvement.

And, if the referee is not satisfied with our security analysis, please provide more detailed comments on how to improve the security analysis.

No thank you. I will use my knowledge to help defeat such systems, not to support their improvement.

The changes made are substantive and beneficial, and I think the paper is better for it. I think a copy edit is still required and care in the definition and use of terms would be helpful. Nonetheless, I have moved to "needs minor changes"

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

The authors made related corrections.

 

It can be accepted as is.

 

 

Author Response

Please see the attachment

Reviewer 3 Report

The paper is very well updated and most of the reviewers' comments are addressed in an appropriate manner. The major issue remaining is the editing.

There are professional editing services that provide quick or express service to complete in around 4 to 5 days.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Round 3

Reviewer 3 Report

The paper is in good shape.
