Hide And Seek: Detecting Sensors in P2P Botnets

Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max :
Hide And Seek: Detecting Sensors in P2P Botnets.
Communications and Network Security (CNS), 2015 IEEE Conference on, IEEE
[Conference publication], (2015)

Abstract

Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both monitoring and executing sinkholing attacks are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.

Item type: Conference publication (unknown)
Published: 2015
Author(s): Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max
Title: Hide And Seek: Detecting Sensors in P2P Botnets
Language: German
Book title: Communications and Network Security (CNS), 2015 IEEE Conference on
Publisher: IEEE
Uncontrolled keywords: - SSI - Area Secure Smart Infrastructures;S1;Solutions;Monitoring;Peer-to-peer computing
Department(s)/field(s): DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems
20 Department of Computer Science > Telecooperation
LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE Centres
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
20 Department of Computer Science
Profile Areas
LOEWE
DFG Collaborative Research Centres (incl. Transregio)
Event location: Florence, Italy
Date deposited: 31 Dec 2016 12:59
DOI: 10.1109/CNS.2015.7346908
ID number: TUD-CS-2015-1218