Chapter 1

Peer-to-Peer Botnets: The Next Generation of Botnet Attacks

Ping Wang, Baber Aslam, Cliff C. Zou
School of Electrical Engineering and Computer Science, University of Central Florida, Orlando, Florida 32816

A botnet is a network of computers that are compromised and controlled by an attacker. Botnets are one of the most serious threats to today's Internet. Most current botnets have a centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new, advanced form of botnet. Without C&C servers, P2P botnets are more resilient to defense countermeasures than traditional centralized botnets. In this chapter, we systematically study P2P botnets along multiple dimensions: botnet construction, command and control mechanisms, performance measurements, and mitigation approaches.

1.1 Introduction

A botnet is a network of compromised computers (bots) running malicious software, usually installed via various attack techniques such as trojan horses, worms and viruses [1]. These zombie computers are remotely controlled by an attacker, the so-called botmaster. Botnets with a large number of computers have enormous cumulative bandwidth and powerful computing capability. They are exploited by botmasters to initiate various malicious activities, such as email spam, distributed denial-of-service (DDoS) attacks, password cracking and key logging. Botnets have become one of the most significant threats to the Internet.

Today, centralized botnets are still widely used. Among them, Internet relay chat (IRC)-based botnets [55] are the most popular; they use IRC [33] to facilitate command and control (C&C) communication between bots and botmasters. In a centralized botnet, as shown in Fig. 1.1, bots are connected to one or several servers to obtain commands. This architecture is easy to construct and very efficient at distributing the botmaster's commands; however, it has a single point of failure: the C&C server. Shutting down the IRC server would cause all the bots to lose contact with their botmaster. In addition, defenders can easily monitor the botnet by creating a decoy that joins the specified IRC channel.

Recently, peer-to-peer (P2P) botnets, such as the Trojan.Peacomm botnet [27] and Stormnet [32], have emerged as attackers gradually realize the limitations of traditional centralized botnets. Just like P2P networks, which are resilient to dynamic churn (i.e., peers joining and leaving the system at high rates [36]), P2P botnet communication won't be disrupted by the loss of a number of bots. In a P2P botnet, as shown in Fig. 1.2, there is no centralized server, and bots are connected to each other topologically and act as both C&C server and client....
This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.