P2P-botnet-hotbot07 - An Advanced Hybrid Peer-to-Peer...

An Advanced Hybrid Peer-to-Peer Botnet

Ping Wang, Sherri Sparks, Cliff C. Zou
School of Electrical Engineering and Computer Science
University of Central Florida, Orlando, FL
{pwang, ssparks, czou}@cs.ucf.edu

Abstract — A “botnet” consists of a network of compromised computers controlled by an attacker (“botmaster”). Recently botnets have become the root cause of many Internet attacks. To be well prepared for future attacks, it is not enough to study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be developed by botmasters in the near future. In this paper, we present the design of an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and hijacked. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and recovery by its botmaster. Possible defenses against this advanced botnet are suggested.

I. INTRODUCTION

In the last several years, Internet malware attacks have evolved into better organized and more profit-centered endeavors. Email spam, extortion through denial-of-service attacks [1], and click fraud [2] represent a few examples of this emerging trend. “Botnets” are a root cause of these problems [3], [4], [5]. A “botnet” consists of a network of compromised computers (“bots”) connected to the Internet that is controlled by a remote attacker (“botmaster”) [6], [5]. Since a botmaster could scatter attack tasks over hundreds or even tens of thousands of computers distributed across the Internet, the enormous cumulative bandwidth and large number of attack sources make botnet-based attacks extremely dangerous and hard to defend against. Compared to other Internet malware, the unique feature of a botnet lies in its control communication network.
Most botnets that have appeared until now have had a common centralized architecture. That is, bots in the botnet connect directly to some special hosts (called “command-and-control” servers, or their botmaster and forward them to the other bots in the network. From now on we will call a botnet with such a control connections. As botnet-based attacks become popular and dangerous, security researchers have studied how to detect, monitor, and defend against them [3], [6], [1], [4], [7], [5]. Most of the appeared in the past, especially Internet Relay Chat (IRC) based botnets. It is necessary to conduct such research in order to deal with the threat we are facing today. However,

This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.
