Measuring the effectiveness of infrastructure-level detection of large-scale botnets
- Los Alamos National Laboratory
- UNIV OF MICHIGAN
Botnets are one of the most serious security threats to the Internet and its end users. In recent years, utilizing P2P as a Command and Control (C&C) protocol has gained popularity due to its decentralized nature, which can help hide the botmaster's identity. Most bot detection approaches targeting P2P botnets rely either on behavior monitoring or on traffic flow and packet analysis, requiring fine-grained information collected locally. This requirement limits the scale of detection. In this paper, we consider detection of P2P botnets at a high level - the infrastructure level - by exploiting their structural properties from a graph analysis perspective. Using three different P2P overlay structures, we measure the effectiveness of detecting each structure at various locations in the Internet infrastructure: the Autonomous System (AS), the Point of Presence (PoP), and the router rendezvous.
- Research Organization:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC52-06NA25396
- OSTI ID:
- 1044889
- Report Number(s):
- LA-UR-10-08343; LA-UR-10-8343; TRN: US201214%%558
- Resource Relation:
- Conference: 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'11) ; June 27, 2011 ; Hong Kong, China
- Country of Publication:
- United States
- Language:
- English