
Hide And Seek: Detecting Sensors in P2P Botnets

Böck, Leon and Karuppayah, Shankar and Grube, Tim and Fischer, Mathias and Mühlhäuser, Max (2015):
Hide And Seek: Detecting Sensors in P2P Botnets.
In: Communications and Network Security (CNS), 2015 IEEE Conference on, IEEE, Florence, Italy, DOI: 10.1109/CNS.2015.7346908,
[Conference or Workshop Item]

Abstract

Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both monitoring and executing sinkholing attacks are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.

Item Type: Conference or Workshop Item
Published: 2015
Creators: Böck, Leon and Karuppayah, Shankar and Grube, Tim and Fischer, Mathias and Mühlhäuser, Max
Title: Hide And Seek: Detecting Sensors in P2P Botnets
Language: German

Title of Book: Communications and Network Security (CNS), 2015 IEEE Conference on
Publisher: IEEE
Uncontrolled Keywords: - SSI - Area Secure Smart Infrastructures;S1;Solutions;Monitoring;Peer-to-peer computing
Divisions: DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
20 Department of Computer Science > Telecooperation
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
20 Department of Computer Science
Profile Areas
LOEWE
DFG-Collaborative Research Centres (incl. Transregio)
Event Location: Florence, Italy
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/CNS.2015.7346908
Identification Number: TUD-CS-2015-1218