Title :
Optimising sybil attacks against P2P-based botnets
Author :
Davis, Carlton R. ; Fernandez, José M. ; Neville, Stephen
Author_Institution :
Ecole Polytech. de Montreal, Montreal, QC, Canada
Abstract :
Addressing and mitigating modern global-scale botnets is a pressing Internet security issue, particularly given that these botnets are known to provide attackers with the large-scale low-cost computing infrastructure required to engage in major spam campaigns, larger-scale phishing attacks, etc. Over time, botnets have evolved toward using decentralized peer-to-peer (P2P) command and control (C&C) infrastructures in order to increase their resilience against defender countermeasures, i.e. as seen in Storm's use of Overnet and more recently in the appearance of HTTP-tunneled P2P botnets, such as Waledac and Conficker. The obvious question is, what are effective countermeasures against these modern botnets? This work focuses on evaluating, via simulation, sybil attack-based countermeasures and how such sybil-based strategies should be tailored to allow them to both be effective and implementable on global scales. Slower-rate sybil infection strategies with random placement of sybils are shown to be nearly as effective as higher-rate infection strategies with targeted placement. This somewhat counter-intuitive result is important, as the former strategy is easier to implement by a loosely co-ordinated collective of globally scattered defenders.
Keywords :
Internet; peer-to-peer computing; security of data; Conficker botnets; Internet security; Waledac botnet; botnets; peer-to-peer networks; sybil infection strategy; Command and control systems; Computer crime; Internet; Large-scale systems; Peer to peer computing; Pressing; Protocols; Resilience; Scattering; Security;
Conference_Title :
Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4244-5786-1
DOI :
10.1109/MALWARE.2009.5403016