Botnets are one of the most serious security threats to the Internet and its end users. In recent years, using P2P as a Command and Control (C&C) protocol has become popular because its decentralized nature can help hide the botmaster's identity. Most bot detection approaches targeting P2P botnets rely either on behavior monitoring or on traffic flow and packet analysis, requiring fine-grained information collected locally. This requirement limits the scale of detection. In this paper, we consider detection of P2P botnets at a high level (the infrastructure level) by exploiting their structural properties from a graph analysis perspective. Using three different P2P overlay structures, we measure the effectiveness of detecting each structure at various locations in the Internet infrastructure: the Autonomous System (AS), the Point of Presence (PoP), and the router rendezvous.