Experiments with P2P Botnet Detection

Lionel Rivière and Sven Dietrich 1
  • 1  Stevens Institute of Technology, Hoboken, U.S.A.

Abstract

Botnets, which are used to perform various malicious activities, have become a major threat in recent years. Spamming, phishing, stealing sensitive information, conducting distributed denial of service (DDoS) attacks, scanning to find more hosts to compromise using malware are the goals of many botnets, sometimes of low-profile botnets such as the Nugache botnet [1] which used a peer-to-peer (P2P) structure. Some botnets hide their network activities for many months (and maybe years) before being noticed. Networks might contain more deceptive or dormant bots which haven´t been exposed yet. Here we apply an a posteriori detection approach based on mutual contacts peers exchange in a network, called the dye-pumping algorithm [2]. After briefly recalling typical botnet operations, we will talk further about the dye-pumping algorithm (DPA) mechanism and implementation, its input data structures, and then give a short analysis of the results of our experiment.

Purchase article
Get instant unlimited access to the article.
£23.00
Log in
Already have access? Please log in.


or
Log in with your institution

Journal + Issues

it - Information Technology is a strictly peer-reviewed scientific journal. It is the oldest German journal in the field of information technology. Today, the major aim of it - Information Technology is highlighting issues on ongoing newsworthy areas in information technology and informatics and their application. It aims at presenting the topics with a holistic view.

Search