Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max:
Hide And Seek: Detecting Sensors in P2P Botnets.
Communications and Network Security (CNS), 2015 IEEE Conference on
IEEE [Conference publication], (2015)
Abstract
Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both monitoring and executing sinkholing attacks are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.
Item type: | Conference publication (not known) |
---|---|
Published: | 2015 |
Author(s): | Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max |
Title: | Hide And Seek: Detecting Sensors in P2P Botnets |
Language: | German |
Book title: | Communications and Network Security (CNS), 2015 IEEE Conference on |
Publisher: | IEEE |
Uncontrolled keywords: | - SSI - Area Secure Smart Infrastructures;S1;Solutions;Monitoring;Peer-to-peer computing |
Department(s)/field(s): | DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems; 20 Department of Computer Science > Telecooperation; LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt; Profile areas > Cybersecurity (CYSEC); LOEWE > LOEWE Centres; DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres; 20 Department of Computer Science; Profile areas; LOEWE; DFG Collaborative Research Centres (incl. Transregio) |
Event location: | Florence, Italy |
Date deposited: | 31 Dec 2016 12:59 |
DOI: | 10.1109/CNS.2015.7346908 |
ID number: | TUD-CS-2015-1218 |