Böck, Leon ; Vasilomanolakis, Emmanouil ; Mühlhäuser, Max ; Karuppayah, Shankar (2018)
Next Generation P2P Botnets: Monitoring under Adverse Conditions.
International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Heraklion, Crete, Greece
doi: 10.1007/978-3-030-00470-5_24
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there has been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC) a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future.

Frage zum Eintrag

Redaktionelle Details anzeigen