TU Darmstadt / ULB / TUbiblio

Next Generation P2P Botnets: Monitoring under Adverse Conditions

Böck, Leon and Vasilomanolakis, Emmanouil and Mühlhäuser, Max and Karuppayah, Shankar (2018):
Next Generation P2P Botnets: Monitoring under Adverse Conditions.
In: Research in Attacks, Intrusions, and Defenses, Springer International Publishing, In: International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Heraklion, Crete, Greece, In: Lecture Notes in Computer Science, 11050, DOI: 10.1007/978-3-030-00470-5_24,
[Online-Edition: https://www.raid2018.org/],
[Conference or Workshop Item]

Abstract

The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there has been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC) a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future.

Item Type: Conference or Workshop Item
Erschienen: 2018
Creators: Böck, Leon and Vasilomanolakis, Emmanouil and Mühlhäuser, Max and Karuppayah, Shankar
Title: Next Generation P2P Botnets: Monitoring under Adverse Conditions
Language: English
Abstract:

The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there has been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC) a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future.

Title of Book: Research in Attacks, Intrusions, and Defenses
Series Name: Lecture Notes in Computer Science
Volume: 11050
Publisher: Springer International Publishing
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
Event Title: International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Event Location: Heraklion, Crete, Greece
Date Deposited: 13 Jul 2018 08:39
DOI: 10.1007/978-3-030-00470-5_24
Official URL: https://www.raid2018.org/
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item