Reliable Recon in Adversarial Peer-to-Peer Botnets
Author: | Christian Rossow, Dennis Andriesse, Herbert Bos |
---|---|
Contributors: | Computer Systems, Network Institute, Systems and Network Security, Distributed Computer Systems |
Year of publication: | 2015 |
Subject: | Engineering, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Population, Botnet, Peer-to-peer, Crawling, Sality, Computer security, Adversarial system, Srizbi botnet, Infected population, Computer network |
Source: | Internet Measurement Conference; Proceedings of the 2015 ACM Internet Measurement Conference (IMC); Andriesse, D A, Rossow, C & Bos, H J 2015, Reliable Recon in Adversarial Peer-to-Peer Botnets. In Proceedings of the 2015 ACM Internet Measurement Conference (IMC). Vrije Universiteit Amsterdam |
DOI: | 10.1145/2815675.2815682 |
Description: | The decentralized nature of Peer-to-Peer (P2P) botnets precludes traditional takedown strategies, which target dedicated command infrastructure. P2P botnets replace this infrastructure with command channels distributed across the full infected population. Thus, mitigation strongly relies on accurate reconnaissance techniques which map the botnet population. While prior work has studied passive disturbances to reconnaissance accuracy, such as IP churn and NAT gateways, the same is not true of active anti-reconnaissance attacks. This work shows that active attacks against crawlers and sensors occur frequently in major P2P botnets. Moreover, we show that current crawlers and sensors in the Sality and Zeus botnets produce easily detectable anomalies, making them prone to such attacks. Based on our findings, we categorize and evaluate vectors for stealthier and more reliable P2P botnet reconnaissance. |
Database: | OpenAIRE |