TU Darmstadt / ULB / TUbiblio

Next Generation P2P Botnets: Monitoring under Adverse Conditions

Böck, Leon ; Vasilomanolakis, Emmanouil ; Mühlhäuser, Max ; Karuppayah, Shankar :
Next Generation P2P Botnets: Monitoring under Adverse Conditions.
[Online-Edition: https://www.raid2018.org/]
In: International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Heraklion, Crete, Greece. In: Lecture Notes in Computer Science , 11050 . Springer International Publishing
[ Konferenzveröffentlichung] , (2018)

Offizielle URL: https://www.raid2018.org/

Kurzbeschreibung (Abstract)

The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there has been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC) a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future.

Typ des Eintrags: Konferenzveröffentlichung ( nicht bekannt)
Erschienen: 2018
Autor(en): Böck, Leon ; Vasilomanolakis, Emmanouil ; Mühlhäuser, Max ; Karuppayah, Shankar
Titel: Next Generation P2P Botnets: Monitoring under Adverse Conditions
Sprache: Englisch
Kurzbeschreibung (Abstract):

The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there has been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC) a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future.

Buchtitel: Research in Attacks, Intrusions, and Defenses
Reihe: Lecture Notes in Computer Science
Band: 11050
Verlag: Springer International Publishing
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Telekooperation
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
Veranstaltungstitel: International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Veranstaltungsort: Heraklion, Crete, Greece
Hinterlegungsdatum: 13 Jul 2018 08:39
DOI: https://doi.org/10.1007/978-3-030-00470-5_24
Offizielle URL: https://www.raid2018.org/
Verwandte URLs:
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen