On Advanced Monitoring in Resilient and Unstructured P2P Botnets

Karuppayah, Shankar and Fischer, Mathias and Rossow, Christian and Mühlhäuser, Max (2014):
On Advanced Monitoring in Resilient and Unstructured P2P Botnets.
In: International Conference on Communications (ICC) - Communications and Information Systems Security Symposium (CISS), [Conference or Workshop Item]

Abstract

Botnets are a serious threat to Internet-based services and end users. The recent paradigm shift from centralized to more sophisticated Peer-to-Peer (P2P)-based botnets introduces new challenges for security researchers. Centralized botnets can be easily monitored and, once their command and control server is identified, easily taken down. However, P2P-based botnets are much more resilient against such attempts. To make it worse, botnets like P2P Zeus include additional countermeasures to make monitoring and crawling more difficult for the defenders. In this paper, we discuss in detail the problems of P2P botnet monitoring. As our main contribution, we introduce the Less Invasive Crawling Algorithm (LICA) for efficiently crawling unstructured P2P botnets and utilize only local information. We compare the performance of LICA with other known crawling methods such as Depth-first and Breadth-first search. This is achieved by simulating these methods on not only a real-world botnet dataset, but also on an unstructured P2P file sharing network dataset. Our analysis results indicate that LICA significantly outperforms the other known crawling methods.

Item Type: Conference or Workshop Item
Published: 2014
Creators: Karuppayah, Shankar and Fischer, Mathias and Rossow, Christian and Mühlhäuser, Max
Title: On Advanced Monitoring in Resilient and Unstructured P2P Botnets
Language: English
Divisions: 20 Department of Computer Science > Telecooperation
20 Department of Computer Science
Event Title: International Conference on Communications (ICC) - Communications and Information Systems Security Symposium (CISS)
Date Deposited: 02 Apr 2015 15:31