Title :
Traceback Attacks in Cloud -- Pebbletrace Botnet
Author :
Lin, Wenjie ; Lee, David
Abstract :
A botmaster sets up a Command and Control (C&C) server and stepping-stones in the Internet for stealing sensitive information from a victim's machine. Clouds provide the botmaster with an ideal environment of rich computing resources where he can easily deploy/remove C&C servers and establish/tear down stepping-stones for anonymous attacks. It is of vital importance for cloud service providers to detect botnets, prevent attacks, and trace back to the botmaster. We present our Pebble trace scheme for the trace back to the botmaster. It first identifies cryptographic keys of the botnet communications for configuring botnet operations and then traces back to the botmaster. We design and implement a new key identification scheme and propose an approach for tracing back to the botmaster across stepping-stones and beyond multiple clouds without universal deployment of monitors, router updates, or ISP support. We implement our method and build a Pebble-trace prototype that is applied to the Zeus botnet in the OpSource cloud with promising results.
Keywords :
cloud computing; command and control systems; cryptography; software agents; C&C server; Internet; OpSource cloud; Zeus botnet; anonymous attack; attack prevention; botmaster; botnet communication; botnet detection; cloud service provider; command and control server; cryptographic key; pebble trace scheme; pebble-trace prototype; pebbletrace botnet; sensitive information stealing; stepping-stone; traceback attack; Encryption; Entropy; IP networks; Monitoring; Receivers; Servers; Pebbletrace; Zeus botnet; botmaster; botnet; cloud; key identification; stepping-stones;
Conference_Title :
Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on
Conference_Location :
Macau
Print_ISBN :
978-1-4673-1423-7
DOI :
10.1109/ICDCSW.2012.61