
Hide And Seek: Detecting Sensors in P2P Botnets

Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max (2015):
Hide And Seek: Detecting Sensors in P2P Botnets.
In: Communications and Network Security (CNS), 2015 IEEE Conference on, pp. 731-732,
IEEE, Florence, Italy, DOI: 10.1109/CNS.2015.7346908,
[Conference or Workshop Item]

Abstract

Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both monitoring and executing sinkholing attacks are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.

Item Type: Conference or Workshop Item
Published: 2015
Creators: Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max
Title: Hide And Seek: Detecting Sensors in P2P Botnets
Language: German
Title of Book: Communications and Network Security (CNS), 2015 IEEE Conference on
Publisher: IEEE
Uncontrolled Keywords: - SSI - Area Secure Smart Infrastructures;S1;Solutions;Monitoring;Peer-to-peer computing
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Location: Florence, Italy
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/CNS.2015.7346908
Identification Number: TUD-CS-2015-1218