Conference Paper

Measuring the effectiveness of infrastructure-level detection of large-scale botnets.

Univ. of Michigan, Ann Arbor, MI, USA
DOI: 10.1109/IWQOS.2011.5931312 Conference: 19th International Workshop on Quality of Service, IWQoS 2011, San Jose, California, USA, 6-7 June 2011.
Source: IEEE Xplore

ABSTRACT Botnets are one of the most serious security threats to the Internet and its end users. In recent years, utilizing P2P as a Command and Control (C&C) protocol has become popular due to its decentralized nature that can help hide the botmaster's identity. Most bot detection approaches targeting P2P botnets either rely on behavior monitoring or traffic flow and packet analysis, requiring fine-grained information collected locally. This requirement limits the scale of detection. In this paper, we consider detection of P2P botnets at a high level, the infrastructure level, by exploiting their structural properties from a graph analysis perspective. Using three different P2P overlay structures, we measure the effectiveness of detecting each structure at various locations (the Autonomous System (AS), the Point of Presence (PoP), and the router rendezvous) in the Internet infrastructure.

  • ABSTRACT: Botnets, which are networks formed by malware-compromised machines, have become a serious threat to the Internet. Such networks have been created to conduct large-scale illegal activities, even jeopardizing the operation of private and public services in several countries around the world. Although research on the topic of botnets is relatively new, it has been the subject of increasing interest in recent years and has spawned a growing number of publications. However, existing studies remain somewhat limited in scope and do not generally include recent research and developments. This paper presents a comprehensive review that broadly discusses the botnet problem, briefly summarizes the previously published studies and supplements these with a wide-ranging discussion of recent works and solution proposals spanning the entire botnet research field. This paper also presents and discusses a list of the prominent and persistent research problems that remain open.
    Computer Networks 02/2013; 57(2):378–403. · 1.23 Impact Factor