it - Information Technology

Methods and Applications of Informatics and Information Technology

Editor-in-Chief: Molitor, Paul

6 Issues per year

Online ISSN: 2196-7032
Volume 54, Issue 2 (Apr 2012)


Experiments with P2P Botnet Detection

Lionel Rivière / Sven Dietrich
Published Online: 2012-03-20 | DOI: https://doi.org/10.1524/itit.2012.0668

Abstract

Botnets, which are used to perform various malicious activities, have become a major threat in recent years. Spamming, phishing, stealing sensitive information, conducting distributed denial of service (DDoS) attacks, and scanning for further hosts to compromise with malware are the goals of many botnets, including low-profile ones such as the Nugache botnet [1], which used a peer-to-peer (P2P) structure. Some botnets hide their network activity for many months (perhaps years) before being noticed, and a network may contain further deceptive or dormant bots that have not yet been exposed. Here we apply an a posteriori detection approach based on the mutual contacts that peers exchange in a network, called the dye-pumping algorithm [2]. After briefly recalling typical botnet operations, we discuss the dye-pumping algorithm (DPA) mechanism and implementation and its input data structures, and then give a short analysis of the results of our experiment.
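The abstract only names the principle behind the dye-pumping algorithm: hosts that share many of the same contacts are likely peers in the same overlay, so a "dye" placed on a known bot can be pumped through the mutual-contact graph to find the others. The following is an added illustration of that mutual-contacts idea written for this page; it is not the DPA implementation from [2], and the flow records, the 10.0.0.0/8 internal prefix, the `threshold` of shared contacts and the `max_popularity` cut-off are all assumptions made for the example.

```python
from collections import defaultdict


# Constructed flow records (src, dst); not data from the paper. Internal hosts
# live in 10.0.0.0/8. 8.8.8.8 stands in for a popular service every host uses,
# which a naive mutual-contact count would treat as evidence of peering.
FLOWS = [
    ("10.0.0.1", "203.0.113.5"), ("10.0.0.1", "203.0.113.9"), ("10.0.0.1", "198.51.100.7"),
    ("10.0.0.2", "203.0.113.5"), ("10.0.0.2", "203.0.113.9"), ("10.0.0.2", "198.51.100.7"),
    ("10.0.0.3", "203.0.113.9"), ("10.0.0.3", "198.51.100.7"), ("10.0.0.3", "198.51.100.22"),
    ("10.0.0.4", "93.184.216.34"),
    ("10.0.0.5", "93.184.216.34"), ("10.0.0.5", "198.51.100.22"),
] + [(f"10.0.0.{i}", "8.8.8.8") for i in range(1, 6)]


def build_contacts(flows):
    """Undirected contact graph: host -> set of hosts it exchanged traffic with."""
    contacts = defaultdict(set)
    for src, dst in flows:
        if src == dst:
            continue
        contacts[src].add(dst)
        contacts[dst].add(src)
    return contacts


def prune_popular(contacts, internal, max_popularity):
    """Drop contacts shared by more than max_popularity internal hosts.

    Popular services (DNS resolvers, CDNs, update servers) are contacted by
    nearly every host and would otherwise make every pair look like peers.
    """
    popularity = defaultdict(int)
    for host in internal:
        for peer in contacts[host]:
            popularity[peer] += 1
    return {host: {p for p in contacts[host] if popularity[p] <= max_popularity}
            for host in internal}


def mutual_contacts(peers, a, b):
    """Contacts a and b have in common, excluding each other."""
    return (peers[a] & peers[b]) - {a, b}


def dye_pump(flows, seeds, threshold=2, max_popularity=3,
             is_internal=lambda ip: ip.startswith("10.")):
    """Spread dye from known bots to internal hosts sharing >= threshold contacts.

    Propagation is transitive: a host dyed in one round can dye further hosts
    in the next, so the result is the connected component of the thresholded
    mutual-contact graph that contains the seeds.
    """
    contacts = build_contacts(flows)
    internal = sorted(h for h in contacts if is_internal(h))
    peers = prune_popular(contacts, internal, max_popularity)
    dyed = set(seeds)
    frontier = set(seeds)
    while frontier:
        newly_dyed = set()
        for d in frontier:
            for host in internal:
                if host in dyed or host in newly_dyed:
                    continue
                if len(mutual_contacts(peers, d, host)) >= threshold:
                    newly_dyed.add(host)
        dyed |= newly_dyed
        frontier = newly_dyed
    return dyed


if __name__ == "__main__":
    print(sorted(dye_pump(FLOWS, {"10.0.0.1"})))
```

Seeding the example with 10.0.0.1 dyes 10.0.0.2 and 10.0.0.3, which share two or more of its (unpopular) contacts, and leaves 10.0.0.4 and 10.0.0.5 untouched. Removing the popularity cut-off shows the caveat a practitioner must handle: once 8.8.8.8 counts as a shared contact, every host ends up dyed, so the choice of which contacts are "mutual" matters as much as the threshold.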

Zusammenfassung (German abstract, translated)

Botnets, which are used to carry out various criminal activities, have become a major threat. Spam, phishing, data theft, DDoS attacks, and scanning to find new victims are the goals of many botnets, for example the Nugache botnet, which used a peer-to-peer (P2P) structure. Some botnets hide their activities for months (sometimes even years) before they are noticed. Networks may contain sleeper bots that have not yet been discovered. Here we apply, a posteriori, a method based on shared network contacts, the so-called dye-pumping algorithm (DPA). After an overview of typical botnet behaviour we discuss the DPA itself, its implementation and data structures, and give a short analysis of the experimental results.

Keywords: P2P botnet; IDS; network security

About the article

Correspondence address: Stevens Institute of Technology, 07030 Hoboken, U.S.A.


Published Online: 2012-03-20

Published in Print: 2012-04-01


Citation Information: it - Information Technology Methoden und innovative Anwendungen der Informatik und Informationstechnik, ISSN (Print) 1611-2776, DOI: https://doi.org/10.1524/itit.2012.0668.


© by Oldenbourg Wissenschaftsverlag.
