Title :
Long Term Tracking and Characterization of P2P Botnet
Author :
Jia Yan ; Lingyun Ying ; Yi Yang ; Purui Su ; Dengguo Feng
Author_Institution :
Trusted Comput. & Inf. Assurance Lab., Inst. of Software, Beijing, China
Abstract :
P2P botnets are quite robust against various attacks that were once very effective against centralized networks. In this paper, we concentrate on the tracking of P2P botnets and investigate botnet victims that are routable on the Internet, also known as super peers. The super peers are the backbone the botnet uses to disseminate its commands and payload updates. Through tracking three typical live P2P botnets over 6 months and analyzing their network dynamics, we outline a number of descriptive and statistical characterizations of super peers, such as geo-location, peer session time and intersession time, in-degree and out-degree distribution, and patterns of arrival and departure. In addition, based on the assumption that IP dynamic allocation will not cross the AS (Autonomous System) border, we give a conservative lower-bound estimate of the total number of infected super peers. We also propose several guidelines on disrupting P2P botnets, based on the various features we have characterized, which could be helpful to the security community.
Keywords :
IP networks; Internet; invasive software; peer-to-peer computing; statistical analysis; AS border; IP dynamic allocation; P2P botnet characterization; P2P botnet victims; autonomous system border; centralized network; descriptive characterization; long term tracking; network dynamic analysis; payload updates; security community; statistical characterization; Crawlers; Measurement; Protocols; Routing
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
Conference_Location :
Beijing
DOI :
10.1109/TrustCom.2014.24