Böck, Leon ; Vasilomanolakis, Emmanouil ; Mühlhäuser, Max ; Karuppayah, Shankar (2018)
Next Generation P2P Botnets: Monitoring under Adverse Conditions.
International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Heraklion, Crete, Greece
doi: 10.1007/978-3-030-00470-5_24
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there has been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC) a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2018 |
| Autor(en): | Böck, Leon ; Vasilomanolakis, Emmanouil ; Mühlhäuser, Max ; Karuppayah, Shankar |
| Art des Eintrags: | Bibliographie |
| Titel: | Next Generation P2P Botnets: Monitoring under Adverse Conditions |
| Sprache: | Englisch |
| Publikationsjahr: | 12 September 2018 |
| Verlag: | Springer International Publishing |
| Buchtitel: | Research in Attacks, Intrusions, and Defenses |
| Reihe: | Lecture Notes in Computer Science |
| Band einer Reihe: | 11050 |
| Veranstaltungstitel: | International Symposium on Research in Attacks, Intrusions and Defenses (RAID) |
| Veranstaltungsort: | Heraklion, Crete, Greece |
| DOI: | 10.1007/978-3-030-00470-5_24 |
| URL / URN: | https://www.raid2018.org/ |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there has been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC) a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future. |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Telekooperation LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy |
| Hinterlegungsdatum: | 13 Jul 2018 08:39 |
| Letzte Änderung: | 14 Jun 2021 06:14 |
| PPN: | |
| Zugehörige Links: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum