Measuring the effectiveness of infrastructure-level detection of large-scale botnets

Authors:
Yuanyuan Zeng;Guanhua Yan;Stephan Eidenbenz;Kang G. Shin
Affiliations:
University of Michigan;Los Alamos National Laboratory;Los Alamos National Laboratory;University of Michigan
Venue:
Proceedings of the Nineteenth International Workshop on Quality of Service
Year:
2011

Citing 12
Cited 2

Chord: A scalable peer-to-peer lookup service for internet applications

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Kademlia: A Peer-to-Peer Information System Based on the XOR Metric

IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Multi-scale integrated information and telecommunications system (MIITS): first results from a large-scale end-to-end network simulator

Proceedings of the 38th conference on Winter simulation
An algorithm for anomaly-based botnet detection

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Network monitoring using traffic dispersion graphs (tdgs)

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

SS'08 Proceedings of the 17th conference on Security symposium
Graph-based P2P traffic classification at the internet backbone

INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Criticality analysis of Internet infrastructure

Computer Networks: The International Journal of Computer and Telecommunications Networking
Towards automated detection of peer-to-peer botnets: on the limits of local approaches

LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Characterizing the global impact of P2P overlays on the AS-level underlay

PAM'10 Proceedings of the 11th international conference on Passive and active measurement
BotGrep: finding P2P bots with structured graph analysis

USENIX Security'10 Proceedings of the 19th USENIX conference on Security

Botnets: A survey

Computer Networks: The International Journal of Computer and Telecommunications Networking
Peri-Watchdog: Hunting for hidden botnets in the periphery of online social networks

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Botnets are one of the most serious security threats to the Internet and its end users. In recent years, utilizing P2P as a Command and Control (C&C) protocol has become popular due to its decentralized nature that can help hide the botmaster's identity. Most bot detection approaches targeting P2P botnets either rely on behavior monitoring or traffic flow and packet analysis, requiring fine-grained information collected locally. This requirement limits the scale of detection. In this paper, we consider detection of P2P botnets at a high-level---the infrastructure level---by exploiting their structural properties from a graph analysis perspective. Using three different P2P overlay structures, we measure the effectiveness of detecting each structure at various locations (the Autonomous System (AS), the Point of Presence (PoP), and the router rendezvous) in the Internet infrastructure.