Decentralized Peer-to-Peer Botnet Architectures

Chapter in: Advances in Information and Intelligent Systems

Part of the book series: Studies in Computational Intelligence (SCI, volume 251)

Abstract

Botnets have historically used centralized architectures for their command and control systems. While such systems are simple to deploy and efficient to operate, they have a critical weak point: the central server that coordinates messages and routes traffic. Recently, the introduction of decentralized architectures with peer-to-peer (P2P) routing has given malware authors increased resilience and has obscured the location of command distribution points. To date, botnets with these topologies have been difficult for defenders to enumerate accurately and remediate effectively. In this chapter, we describe the architectures, capabilities, functional behaviors, and current mitigation efforts for the Nugache, Storm, and Mayday botnets.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Kang, B.B., Nunnery, C. (2009). Decentralized Peer-to-Peer Botnet Architectures. In: Ras, Z.W., Ribarsky, W. (eds) Advances in Information and Intelligent Systems. Studies in Computational Intelligence, vol 251. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04141-9_12

  • DOI: https://doi.org/10.1007/978-3-642-04141-9_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04140-2

  • Online ISBN: 978-3-642-04141-9

  • eBook Packages: Engineering (R0)
