
Hide And Seek: Detecting Sensors in P2P Botnets

Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max (2015)
Hide And Seek: Detecting Sensors in P2P Botnets.
Florence, Italy
doi: 10.1109/CNS.2015.7346908
Conference publication, Bibliography

Abstract

Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both monitoring and executing sinkholing attacks are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.

Type of entry: Conference publication
Published: 2015
Author(s): Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max
Kind of entry: Bibliography
Title: Hide And Seek: Detecting Sensors in P2P Botnets
Language: German
Publication year: September 2015
Publisher: IEEE
Book title: Communications and Network Security (CNS), 2015 IEEE Conference on
Event location: Florence, Italy
DOI: 10.1109/CNS.2015.7346908

Uncontrolled keywords: - SSI - Area Secure Smart Infrastructures;S1;Solutions;Monitoring;Peer-to-peer computing
ID number: TUD-CS-2015-1218
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile areas
Profile areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems
Date deposited: 31 Dec 2016 12:59
Last modified: 14 Jun 2021 06:14