Karuppayah, Shankar ; Vasilomanolakis, Emmanouil ; Haas, Steffen ; Fischer, Mathias ; Mühlhäuser, Max (2016)
BoobyTrap: On Autonomously Detecting and Characterizing Crawlers in P2P Botnets.
IEEE International Conference on Communications (ICC 2016). Kuala Lumpur, Malaysia (22.05.2016-27.05.2016)
doi: 10.1109/ICC.2016.7510885
Conference publication, Bibliography
Abstract
The ever-growing number of cyber attacks from botnets has made them one of the biggest threats on the Internet. Thus, it is crucial to study and analyze botnets in order to take them down. For this, extensive monitoring is a prerequisite for preparing a botnet takedown, e.g., via a sinkholing attack. However, every new monitoring mechanism developed for botnets is usually countered by the botmasters by introducing novel anti-monitoring countermeasures. In this paper, we anticipate these countermeasures by proposing a set of lightweight techniques for detecting the presence of crawlers in P2P botnets, called BoobyTrap. For that, we exploit botnet-specific protocol and design constraints. We evaluate the performance of our BoobyTrap mechanism on two real-world botnets: Sality and ZeroAccess. Our results indicate that we can distinguish many crawlers from benign bots. In fact, we discovered close to 10 crawler nodes within our observation period in the Sality botnet and around 120 in the ZeroAccess botnet. In addition, we describe the observable characteristics of the detected crawlers and suggest crawler improvements for enabling monitoring in the presence of the BoobyTrap mechanism.
Field | Value |
---|---|
Item type: | Conference publication |
Published: | 2016 |
Author(s): | Karuppayah, Shankar ; Vasilomanolakis, Emmanouil ; Haas, Steffen ; Fischer, Mathias ; Mühlhäuser, Max |
Type of entry: | Bibliography |
Title: | BoobyTrap: On Autonomously Detecting and Characterizing Crawlers in P2P Botnets |
Language: | English |
Year of publication: | 14 July 2016 |
Publisher: | IEEE |
Book title: | 2016 IEEE International Conference on Communications |
Event title: | IEEE International Conference on Communications (ICC 2016) |
Event location: | Kuala Lumpur, Malaysia |
Event dates: | 22.05.2016-27.05.2016 |
DOI: | 10.1109/ICC.2016.7510885 |
Free keywords: | SSI - Area Secure Smart Infrastructures; Secure Services; S1; Solutions; SPIN: Smart Protection in Infrastructures and Networks |
ID number: | TUD-CS-2016-0035 |
Department(s)/field(s): | 20 Department of Computer Science; 20 Department of Computer Science > Telecooperation; DFG Collaborative Research Centres (incl. Transregio); DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres; Profile Areas; Profile Areas > Cybersecurity (CYSEC); LOEWE; LOEWE > LOEWE Centres; LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt; DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-Based Security Solutions as a Basis for Trust in Current and Future IT Systems |
Date deposited: | 31 Dec 2016 12:59 |
Last modified: | 16 Aug 2021 11:36 |