Conferences >2016 IEEE Conference on Commu...

On the resilience of P2P-based botnet graphs

Download PDF
Download References
Request Permissions
Save to
Alerts

Abstract:

P2P botnets represent another escalation level in the race of arms between criminals and the research community. By utilizing a distributed P2P architecture they are resi...Show More

Metadata

Abstract:

P2P botnets represent another escalation level in the race of arms between criminals and the research community. By utilizing a distributed P2P architecture they are resilient against random failures and attacks and overcome the limitations of a central command and control server. For this reason, it is important to monitor them to gather information for potential takedown attempts. In this paper, we introduce our high-frequency crawling tool Strobo-Crawler that can carry out a fine-grained node enumeration. Furthermore, we propose mechanisms to derive accurate snapshots of the botnet graph on the basis of restricted monitoring data. We applied Strobo-Crawler in a two week crawling campaign in the P2P botnets Sality and ZeroAccess and describe the results along with a careful evaluation of our graph reconstruction. Furthermore, we provide a thorough analysis of the resulting botnet graphs and also provide these graphs to the public. Our results indicate that they are highly resilient against node churn, but also against targeted attacks. Bots are highly interconnected and the graphs are characterized by a high clustering coefficient, high density, and low diameter.

Published in: 2016 IEEE Conference on Communications and Network Security (CNS)

Date of Conference: 17-19 October 2016

Date Added to IEEE Xplore: 23 February 2017

ISBN Information:

DOI: 10.1109/CNS.2016.7860489

Conference Location: Philadelphia, PA, USA

Contents

I. Introduction

Most of recent cyber-crime activities such as banking credential thefts and Distributed Denial of Service (DDoS) attacks are caused by botnets. A botnet consists of thousands of infected machines or bots around the globe that is controlled by a botmaster. In the past these bots were administrated using centralized Command and Control (C2) servers. However, such a C2 architecture represents a single point of failure and has been exploited in many botnet takedowns in the past. As a result, recent botnets have adopted a Peer-to-Peer(P2P)-based architecture. These P2P botnets are not only robust against random failures, but due to their self-organizing capabilities, they are also more robust against takedown attempts. Moreover, the architecture itself provides anonymity to the botmaster, as he can issue commands from any part of the botnet. These unique characteristics of P2P botnets have rendered them a popular research area in the past. Thus, many reports describing characteristics of botnets have been published [9], [7], [14]. However, most of them analyze the P2P protocols of the botnets, present measurements studies on the botnet population or propose botnet detection strategies. To the best of our knowledge there is no related work for P2P botnet graph reconstruction.

References is not available for this document.

MIT Libraries

MIT Libraries

On the resilience of P2P-based botnet graphs

Abstract:

Metadata

Abstract:

I. Introduction

References

IEEE Account

Purchase Details

Profile Information

Need Help?

MIT Libraries

MIT Libraries

On the resilience of P2P-based botnet graphs

Alerts

Abstract:

Metadata

Abstract:

I. Introduction

References