OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: AntBot: Anti-pollution peer-to-peer botnets

Conference
 [1];  [1];  [2]
  1. Los Alamos National Laboratory
  2. UNIV. AT BUFFALO

Botnets, which are responsible for many email spamming and DDoS (Distributed Denial of Service) attacks in the current Internet, have emerged as one of the most severe cyber-threats in recent years. To evade detection and improve resistance against countermeasures, botnets have evolved from the first generation, which relies on IRC chat channels to deliver commands, to the current generation, which uses highly resilient P2P (Peer-to-Peer) protocols to spread its C&C (Command and Control) information. It has, however, been revealed that P2P botnets, although free of the single point of failure that IRC botnets suffer from, can be easily disrupted using pollution-based mitigation schemes [15]. In this paper, we play the devil's advocate and propose a new type of hypothetical botnet called AntBot, which aims to propagate its C&C information to individual bots even when an adversary persistently pollutes the keys that seized bots use to search for the command information. The key idea of AntBot is a tree-like structure that bots use to deliver the command, so that captured bots reveal only limited information. To evaluate the effectiveness of AntBot against pollution-based mitigation in a virtual environment, we develop a distributed P2P botnet simulator. Using extensive experiments, we demonstrate that AntBot operates resiliently against pollution-based mitigation. We further present a few potential defense schemes that could effectively disrupt AntBot operations.

Research Organization:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC52-06NA25396
OSTI ID:
970957
Report Number(s):
LA-UR-09-06004; LA-UR-09-6004; TRN: US201003%%301
Resource Relation:
Journal Volume: 55; Journal Issue: 8; Conference: The ISOC 17th Annual Network and Distributed System Security Symposium; February 28, 2010; San Diego, CA
Country of Publication:
United States
Language:
English