Experiments with P2P Botnet Detection

Lionel Rivière und Sven Dietrich 1
  • 1  Stevens Institute of Technology, Hoboken, U.S.A.


Botnets, which are used to perform various malicious activities, have become a major threat in recent years. Spamming, phishing, stealing sensitive information, conducting distributed denial of service (DDoS) attacks, scanning to find more hosts to compromise using malware are the goals of many botnets, sometimes of low-profile botnets such as the Nugache botnet [1] which used a peer-to-peer (P2P) structure. Some botnets hide their network activities for many months (and maybe years) before being noticed. Networks might contain more deceptive or dormant bots which haven´t been exposed yet. Here we apply an a posteriori detection approach based on mutual contacts peers exchange in a network, called the dye-pumping algorithm [2]. After briefly recalling typical botnet operations, we will talk further about the dye-pumping algorithm (DPA) mechanism and implementation, its input data structures, and then give a short analysis of the results of our experiment.

Artikel kaufen
Erhalten sie sofort unbegrenzten Zugriff auf den Artikel.
Haben Sie den Zugang bereits erworben? Melden Sie sich bitte an.

Zugriff über Ihre Institution

Zeitschrift + Hefte

it - Information Technology is a strictly peer-reviewed scientific journal. It is the oldest German journal in the field of information technology. Today, the major aim of it - Information Technology is highlighting issues on ongoing newsworthy areas in information technology and informatics and their application. It aims at presenting the topics with a holistic view.