DocumentCode :
1926894
Title :
Measuring the effectiveness of infrastructure-level detection of large-scale botnets
Author :
Zeng, Yuanyuan ; Yan, Guanhua ; Eidenbenz, Stephan ; Shin, Kang G.
Author_Institution :
Univ. of Michigan, Ann Arbor, MI, USA
fYear :
2011
fDate :
6-7 June 2011
Firstpage :
1
Lastpage :
9
Abstract :
Botnets are one of the most serious security threats to the Internet and its end users. In recent years, utilizing P2P as a Command and Control (C&C) protocol has become popular due to its decentralized nature that can help hide the botmaster's identity. Most bot detection approaches targeting P2P botnets either rely on behavior monitoring or traffic flow and packet analysis, requiring fine-grained information collected locally. This requirement limits the scale of detection. In this paper, we consider detection of P2P botnets at a high level (the infrastructure level) by exploiting their structural properties from a graph analysis perspective. Using three different P2P overlay structures, we measure the effectiveness of detecting each structure at various locations (the Autonomous System (AS), the Point of Presence (PoP), and the router rendezvous) in the Internet infrastructure.
Keywords :
Internet; computer network security; peer-to-peer computing; Internet security threat; P2P botnets; P2P overlay structure; autonomous system location; graph analysis perspective; infrastructure-level botnet detection; peer-to-peer protocol; point-of-presence location; router rendezvous location; IP networks; Image edge detection; Internet; Measurement; Network topology; Protocols; Topology;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Quality of Service (IWQoS), 2011 IEEE 19th International Workshop on
Conference_Location :
San Jose, CA
ISSN :
1548-615X
Print_ISBN :
978-1-4577-0104-7
Electronic_ISBN :
1548-615X
Type :
conf
DOI :
10.1109/IWQOS.2011.5931312
Filename :
5931312