Project Details
Lawful Detection, Investigation, and Prosecution of Botnet-related Crime
Subject Area
Criminal Law
Security and Dependability, Operating-, Communication- and Distributed Systems
Term
since 2021
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 457175502
Botnets are a highly useful tool for committing cyber crime offences: several IT systems infected by malware (bots) are connected to a network (botnet) under the control of a command-and-control infrastructure; this network may then be used to commit further crimes. Although the infection of an IT system with malware is oftentimes already a crime, the detection of botnets as well as the prosecution of botnet-related crimes and the prevention of (further) damages is a serious challenge for law enforcement authorities. The overarching goal of this research project is to determine and evolve the legal and IT framework for the interaction between law enforcement authorities and network operators in the furtherance of detecting, investigating and prosecuting botnet-related crime.
For the sub-project on criminal and security law, the main research questions are the interaction between criminal law and police law in addressing botnet-related crime, whether and to what extent private entities such as network operators may be involved, and how the so-called security law is emerging in this area. To address these research questions, the major criminal law, criminal procedure, and police law requirements and limitations on interactions between law enforcement authorities and private entities will be analyzed, taking full account of the constitutional and European framework.
The sub-project on data protection analyzes how much data may be gathered by a network provider for anomaly-based intrusion detection systems, without violating provisions on the protection of personally identifying information. In particular, research will focus on limitations to analyzing DNS requests stemming from the use of the network by (natural) persons.
Additionally, we will investigate how cross-network and cross-domain collaborative intrusion detection of botnets, in particular using anomaly-based detection, may be implemented in conformity with technical and legal frameworks of data protection, and what role authorities – such as the BSI – may play.
DFG Programme
Research Grants