Analysis Of Peer-To-Peer Botnet Attacks And Defenses
Abstract
A “botnet” is a network of computers that are compromised and controlled by an attacker (botmaster). Botnets are one of the most serious threats to today’s Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Due to the distributive nature of P2P networks, P2P botnets are more resilient to defense countermeasures. In this chapter, first we systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction, C&C communication mechanisms/protocols, and mitigation approaches. Then we provide mathematical analysis of two P2P botnet elimination approaches—index poisoning defense and Sybil defense, and one P2P botnet monitoring technique—passive monitoring based on infiltrated honeypots or captured bots. Simulation experiments show that our mathematical analysis is accurate.
Publication Date
1-1-2015
Publication Title
Intelligent Systems Reference Library
Volume
85
Number of Pages
183-214
Document Type
Article
Personal Identifier
scopus
DOI Link
https://doi.org/10.1007/978-3-319-15916-4_8
Copyright Status
Unknown
Scopus ID
84925341207 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/84925341207
STARS Citation
Wang, Ping; Wu, Lei; Aslam, Baber; and Zou, Cliff C., "Analysis Of Peer-To-Peer Botnet Attacks And Defenses" (2015). Scopus Export 2015-2019. 457.
https://stars.library.ucf.edu/scopus2015/457