Böck, Leon and Karuppayah, Shankar and Grube, Tim and Fischer, Mathias and Mühlhäuser, Max
:
Hide And Seek: Detecting Sensors in P2P Botnets.
Communications and Network Security (CNS), 2015 IEEE Conference on
IEEE
[Conference or Workshop Item]
, (2015)
Abstract
Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2015 |
| Creators: | Böck, Leon and Karuppayah, Shankar and Grube, Tim and Fischer, Mathias and Mühlhäuser, Max |
| Title: | Hide And Seek: Detecting Sensors in P2P Botnets |
| Language: | German |
| Abstract: | Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%. |
| Title of Book: | Communications and Network Security (CNS), 2015 IEEE Conference on |
| Publisher: | IEEE |
| Uncontrolled Keywords: | - SSI - Area Secure Smart Infrastructures;S1;Solutions;Monitoring;Peer-to-peer computing |
| Divisions: | DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments Department of Computer Science > Telecooperation LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt Profile Areas > Cybersecurity (CYSEC) LOEWE > LOEWE-Zentren DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres Department of Computer Science Profile Areas LOEWE DFG-Collaborative Research Centres (incl. Transregio) |
| Event Location: | Florence, Italy |
| Date Deposited: | 31 Dec 2016 12:59 |
| DOI: | 10.1109/CNS.2015.7346908 |
| Identification Number: | TUD-CS-2015-1218 |
| Related URLs: | |
| Export: |
Optionen (nur für Redakteure)
 |
View Item |
Print
Impressum