• DocumentCode
    188210
  • Title
    A Collaborative Traceback against P2P Botnet Using Information Sharing and Correlation Analysis
  • Author
    Xiaolei Wang ; Jie He ; Yuexiang Yang
  • Author_Institution
    Coll. of Comput., Nat. Univ. of Defense Technol., Changsha, China
  • fYear
    2014
  • fDate
    13-15 Oct. 2014
  • Firstpage
    132
  • Lastpage
    138
  • Abstract
    Botnets are a serious threat to Internet-based services and end users. The recent paradigm shift from centralized to more sophisticated Peer-to-Peer (P2P) botnets introduces new challenges for security researchers. Centralized botnets are easily taken down by computer security researchers and law enforcement. Thus, botnet operators have sought new ways to harden their botnet infrastructures, and some have (re)designed their botnets to use P2P infrastructures because of the excellent properties of P2P technology. Many P2P botnets are far more resilient to current takedown attempts than centralized botnets, owing to the lack of single points of failure and their stealthy Command and Control (C&C) servers. To combat and eradicate a P2P botnet more effectively, we have to track it and find its main C&C servers. However, to the best of our knowledge, research on tracking the C&C servers of current P2P botnets is still lacking, although it is urgently required. In this paper, an overview of current P2P botnets is first presented, including their architecture characteristics and traffic models. Based on these architecture characteristics and traffic models, a collaborative traceback framework is proposed to find the main C&C servers in P2P botnets.
  • Keywords
    groupware; invasive software; peer-to-peer computing; Internet-based services; P2P botnet; P2P infrastructure; P2P technology; botnet operators; collaborative traceback framework; command and control servers; correlation analysis; information sharing; peer-to-peer botnet; Distributed computing; Knowledge discovery; C&C servers; P2P botnet; architecture characteristics; collaborative framework; traceback; traffic model;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-1-4799-6235-8
  • Type
    conf
  • DOI
    10.1109/CyberC.2014.31
  • Filename
    6984294