Analysis of the evolution of peer-to-peer systems
Proceedings of the twenty-first annual symposium on Principles of distributed computing
IEEE Internet Computing
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Building Low-Diameter P2P Networks
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Simulation and Analysis on the Resiliency and Efficiency of Malnets
Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation
A Multi-Resolution Approach forWorm Detection and Containment
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Forensic Analysis for Epidemic Attacks in Federated Networks
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
SS'08 Proceedings of the 17th conference on Security symposium
Using Simulation to Characterize Topology of Peer to Peer Botnets
ICCMS '09 Proceedings of the 2009 International Conference on Computer Modeling and Simulation
Hit-list worm detection and bot identification in large networks using protocol graphs
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Hi-index | 0.00 |
Several works have utilized network models to study peer-to-peer botnets, particularly in evaluating the effectiveness of strategies aimed at taking down a botnet. We observe that previous works fail to consider an important structural characteristic of networks -- assortativity. This property quantifies the tendency for "similar" nodes to connect to each other, where the notion of "similarity" is examined in terms of node degree. Empirical measurements on networks simulated according to the Waledac botnet protocol, and on network traces of bots from a honeynet running in the wild, suggest that real-world botnets can be significantly assortative, even more so than social networks. By adjusting the level of assortativity in simulated networks, we show that high assortativity allows networks to be more resilient to takedown strategies than predicted by previous works, and can allow a network to "heal" itself effectively after a fraction of its nodes are removed. We also identify alternative takedown strategies that are more effective, and more difficult for the network to recover from, than those explored in previous works.