P2P-Botnet-ICCCN09 - A Systematic Study on Peer-to-Peer...

A Systematic Study on Peer-to-Peer Botnets

Ping Wang, Lei Wu, Baber Aslam and Cliff C. Zou
School of Electrical Engineering & Computer Science, University of Central Florida, Orlando, Florida 32816, USA
Email: {pwang, lwu, ababer, czou}@eecs.ucf.edu

Abstract — A "botnet" is a network of computers that are compromised and controlled by an attacker. Botnets are one of the most serious threats to today's Internet. Most current botnets have a centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new, more advanced form of botnet. Without central C&C servers, P2P botnets are more resilient to defenses and countermeasures than traditional centralized botnets. In this paper, we systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction, C&C mechanisms and communication protocols, and mitigation approaches. We carefully study two defense approaches: index poisoning and sybil attack. Based on the idea these two approaches share, we give analytical results that evaluate their performance. We also propose possible counter techniques that attackers might develop against index poisoning and sybil attack defenses. In addition, we obtain one interesting finding: compared to traditional centralized botnets, P2P botnets that adopt existing P2P protocols and rely on a file index to disseminate commands are easier to shut down, or at least effectively mitigate, using the index poisoning technique.

I. INTRODUCTION

A "botnet" is a network of compromised computers (bots) running malicious software, usually installed through attack techniques such as trojan horses, worms and viruses. These zombie computers are remotely controlled by an attacker (the botmaster). Botnets with a large number of computers have enormous cumulative bandwidth and computing capability. They are exploited by botmasters to launch various malicious activities, such as email spam, distributed denial-of-service attacks, password cracking and key logging. Botnets have become one of the most significant threats to the Internet.

Today, centralized botnets are still widely used. In a centralized botnet, bots connect to several servers (called C&C servers) to obtain commands. This architecture is easy to construct and efficient at distributing the botmaster's commands; however, it has a weak link: the C&C servers. Shutting down those servers causes all the bots to lose contact with their botmaster. In addition, defenders can easily monitor the botnet by creating a decoy bot that joins a specified C&C channel.

Recently, peer-to-peer (P2P) botnets, such as the Trojan.Peacomm botnet [1], the Storm botnet [2] and its newly improved version, the Waledac botnet [3], have emerged as attackers gradually realize the limitations of traditional centralized botnets. Just like P2P networks, which are resilient to dynamic churn (i.e., peers join and leave the system at high rates [4]), ...
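The finding stated in the abstract, that index poisoning is effective against P2P botnets which fetch their commands from a file index, can be made concrete with a small simulation. The following is an added example and not code from the paper: it models the index as a key that maps to a bounded random sample of published entries, lets a defender publish bogus entries under the botmaster's command key, and measures how often a bot still retrieves the genuine command. The lookup cap, the daily-key derivation, the command format and the HMAC tag (a stand-in for the public-key signature a real botmaster would use) are all assumptions of the example; the paper's own analytical model is not reproduced here.

```python
# Added example, not from the paper: a toy model of index poisoning against a
# P2P botnet that distributes commands through a shared file index.  Names,
# parameters and the command format below are assumptions for illustration.
import hmac
import hashlib
import random
from math import comb

MAX_RESULTS = 20                        # assumed cap on entries one lookup returns
BOTMASTER_KEY = b"demo-botmaster-key"   # assumed; stand-in for a signing key


class FileIndex:
    """Key -> list of published entries, like a DHT keyword index."""

    def __init__(self):
        self.entries = {}

    def publish(self, key, entry):
        self.entries.setdefault(key, []).append(entry)

    def lookup(self, key, rng):
        # A real index returns a bounded subset of what is stored under the
        # key; we model that as a uniform random sample of MAX_RESULTS entries.
        stored = self.entries.get(key, [])
        if len(stored) <= MAX_RESULTS:
            return list(stored)
        return rng.sample(stored, MAX_RESULTS)


def command_key(day, seed=b"botnet-seed"):
    """Bots and botmaster derive the same daily lookup key (assumed scheme)."""
    return hashlib.sha256(seed + str(day).encode()).hexdigest()


def sign(cmd):
    """HMAC stands in for a public-key signature; with a shared HMAC key every
    bot could forge commands, so a real botnet would use asymmetric keys."""
    return hmac.new(BOTMASTER_KEY, cmd.encode(), hashlib.sha256).hexdigest()


def accept_any(entry):
    """Naive bot: executes the first entry that looks like a command."""
    return "cmd" in entry


def accept_signed(entry):
    """Hardened bot: executes only entries whose tag verifies."""
    return "cmd" in entry and hmac.compare_digest(
        sign(entry["cmd"]), entry.get("sig", ""))


def bot_fetch(index, key, rng, accept):
    """One bot's lookup: return the first acceptable entry, or None."""
    for entry in index.lookup(key, rng):
        if accept(entry):
            return entry
    return None


def poison(index, key, n, rng):
    """Defender floods the command key with well-formed but bogus entries."""
    for _ in range(n):
        index.publish(key, {"cmd": "noop", "sig": f"{rng.getrandbits(256):064x}"})


def simulate(n_poison, accept, trials=5000, seed=1):
    """Fraction of bot lookups that end up with the genuine command."""
    rng = random.Random(seed)
    index = FileIndex()
    key = command_key(day=1)
    genuine = {"cmd": "ddos 192.0.2.1", "sig": sign("ddos 192.0.2.1")}
    index.publish(key, genuine)
    poison(index, key, n_poison, rng)
    hits = sum(bot_fetch(index, key, rng, accept) == genuine for _ in range(trials))
    return hits / trials


def expected_success(n_poison, authenticated, n_genuine=1, m=MAX_RESULTS):
    """Closed form for the model above.  A naive bot takes the first sampled
    entry, so its success is the share of genuine entries; an authenticating
    bot succeeds if any genuine entry lands in the sample (hypergeometric)."""
    total = n_genuine + n_poison
    if total <= m:
        return 1.0
    if not authenticated:
        return n_genuine / total
    return 1 - comb(total - n_genuine, m) / comb(total, m)


if __name__ == "__main__":
    print("poison  naive(sim)  naive(exp)  signed(sim)  signed(exp)")
    for n in (0, 100, 999):
        print(f"{n:6d}  {simulate(n, accept_any):10.4f}  {expected_success(n, False):10.4f}"
              f"  {simulate(n, accept_signed):11.4f}  {expected_success(n, True):11.4f}")
```

Running the script prints, for 0, 100 and 999 poisoned entries, the simulated and closed-form success rates for a naive bot and for one that verifies a tag. The signed variant illustrates the kind of counter technique a botmaster could deploy: authentication stops bots from executing bogus commands, but it does not restore delivery, because the genuine entry is still crowded out of the bounded lookup result. The poisoning defense therefore degrades command dissemination whichever validation the bot applies, and the botmaster's remaining options (larger result sets, repeated lookups, more genuine copies) all cost bandwidth and visibility.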
This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.
