Towards automated detection of peer-to-peer botnets: on the limits of local approaches

Authors: Vilmos Bilicki, Márk Jelasity

Abstract: State-of-the-art approaches for the detection of peer-to-peer (P2P) botnets are on one hand mostly local and on the other hand tailored to specific botnets, involving a great amount of human time, effort, skill and creativity. Enhancing or even replacing this labor-intensive process with automated and, if possible, local network monitoring tools is clearly extremely desirable. To investigate the feasibility of local monitoring, we present an experimental analysis of the traffic dispersion graph (TDG), a key concept in P2P botnet detection, of overlay maintenance and search traffic as seen at a single AS. We focus on a feasible scenario where an imaginary botnet uses some basic techniques to hide its network. The simulations are carried out on an AS-level model of the Internet. We show that the visibility of any single AS (let alone a single router) can be very limited. While we strongly believe that mapping the complete botnet is achievable, our results imply that it cannot be achieved by a local approach: it will inevitably require close cooperation among many different administrative domains and state-of-the-art algorithms as well.
