State-of-the-art approaches for the detection of peer-to-peer (P2P) botnets are on the one hand mostly local and on the other hand tailored to specific botnets, involving a great amount of human time, effort, skill and creativity. Enhancing or even replacing this labor-intensive process with automated and, if possible, local network monitoring tools is clearly extremely desirable. To investigate the feasibility of automated and local monitoring, we present an experimental analysis of the traffic dispersion graph (TDG) of P2P overlay maintenance and search traffic as seen at a single AS; the TDG is a key concept in P2P network detection. We focus on a feasible scenario where an imaginary P2P botnet uses some basic P2P techniques to hide its overlay network. The simulations are carried out on an AS-level model of the Internet. We show that the visibility of P2P botnet traffic at any single AS (let alone a single router) can be very limited. While we strongly believe that the automated detection and mapping of complete P2P botnets is possible, our results imply that it cannot be achieved by a local approach: it will inevitably require very close cooperation among many different administrative domains, and it will require state-of-the-art P2P algorithms as well.