Abstract
Botnets built on P2P protocols are especially robust against various attacks that used to be very effective against centralized networks. It is therefore important to improve our understanding of unstructured P2P botnets, which have proved resilient against various dismantling efforts. The node injection technique is quite effective at enumerating infected hosts in P2P botnets, but no previous work has investigated the effectiveness of this method quantitatively. In this paper, we propose a peer popularity boosting algorithm that puts the popularity of an injected peer under control, and a method for tuning the node injection rate to achieve a better compromise between consumed bandwidth and completeness of node enumeration. Furthermore, we evaluate our methods with varied levels of node injection on three live P2P botnets; the results show that our method is quite effective in boosting and manipulating the injected peer's popularity. In contrast to other methods, which do not manipulate the injected peer's magnitude of dispersion in the network, our method not only unlocks the full potential of node injection but can also be adapted to measurements with various needs.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Yan, J. et al. (2014). Revisiting Node Injection of P2P Botnet. In: Au, M.H., Carminati, B., Kuo, CC.J. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 8792. Springer, Cham. https://doi.org/10.1007/978-3-319-11698-3_10
DOI: https://doi.org/10.1007/978-3-319-11698-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11697-6
Online ISBN: 978-3-319-11698-3
eBook Packages: Computer Science, Computer Science (R0)