Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max (2015)
Hide And Seek: Detecting Sensors in P2P Botnets.
Florence, Italy
doi: 10.1109/CNS.2015.7346908
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2015 |
| Autor(en): | Böck, Leon ; Karuppayah, Shankar ; Grube, Tim ; Fischer, Mathias ; Mühlhäuser, Max |
| Art des Eintrags: | Bibliographie |
| Titel: | Hide And Seek: Detecting Sensors in P2P Botnets |
| Sprache: | Deutsch |
| Publikationsjahr: | September 2015 |
| Verlag: | IEEE |
| Buchtitel: | Communications and Network Security (CNS), 2015 IEEE Conference on |
| Veranstaltungsort: | Florence, Italy |
| DOI: | 10.1109/CNS.2015.7346908 |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%. |
| Freie Schlagworte: | - SSI - Area Secure Smart Infrastructures;S1;Solutions;Monitoring;Peer-to-peer computing |
| ID-Nummer: | TUD-CS-2015-1218 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Telekooperation DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 31 Dez 2016 12:59 |
| Letzte Änderung: | 14 Jun 2021 06:14 |
| PPN: | |
| Zugehörige Links: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum