One crucial point in the implementation of botnets is the command and control channel, which is used by botmasters to distribute commands to compromised machines and to obtain results from previous commands. While the first botnets were mainly controlled by central IRC servers, recent developments have shown the advantages of a more decentralized approach using peer-to-peer (P2P) networks. Interestingly, even though some botnets already use P2P networks, they do so in a naive fashion. As a result, most existing botnet implementations allow attackers to disrupt messages from the botmaster and to learn IP addresses of other nodes within the botnet. This paper introduces Overbot, a botnet communication protocol based on a peer-to-peer architecture. More precisely, Overbot leverages Kademlia, an existing P2P protocol, to implement a stealth command and control channel. An attacker can neither learn the IP addresses of other nodes in the botnet nor disrupt the message exchange between the botmaster and the bots, even when the attacker is able to capture some of the nodes within the network. Overbot demonstrates the threats that may result when future botnet generations utilize more advanced communication structures. We believe that it is important to outline these threats to allow the research community to develop solutions before such botnets appear in the wild. To help the search for effective countermeasures, we also discuss possible directions where future research seems promising.