Measuring peer-to-peer botnets using control flow stability

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 663-669

  Wang, Binbin ^a   Li, Zhitang ^a   Tu, Hao ^a   Ma, Jie ^a  

^a HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

A-STABILITY; BOTNETS; CENTRAL POINT; COMMAND AND CONTROL; CONTROL FLOWS; DETECTION ALGORITHM; DETECTION APPROACH; FALSE POSITIVE; P2P-BASED; PEER TO PEER; PEER-TO-PEER NETWORKS; PRE-PROGRAMMED CONTROL;

STABILITY;

EID: 70349669421     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.59     Document Type: Conference Paper

References (22)

1. T.Micro, "Taxonomy of botnet threats", Trend Micro White Paper, Tech. Rep., November 2006.
2. LURHQ Threat Intelligence Group. (2007) Sinit p2p Trojan analysis. [Online]. Available: http://www.lurhq.com/sinit.html
3. R.Lemos. (2006) Bot software looks to improve peerage. [Online]. Available: http://www.securityfocus.com/news/11390
4. J.Stewart. (2007) Storm worm DDos attack. [Online]. Available: http://www.secureworked.com/research/threats/storm-worm
5. Overnet. [Online]. Available: http://www.overnet.org
6. P.Maymounkov and D.Mazieres, "Kademlian: A peer-to-peer information system based on the XOR metric", in Proceedings of IPTPS'02, March 2002.
7. M. Steiner, T. En-Najjary and E. W. Biersack, "A Global View of KAD", in Proceedings of IMC'07, October, 2007.
8. M.Piatek, T.Isdal, A.Krishnamurthy and T.Anderson, "Do incentives build robustness in BitTorren?" in Proceedings of NSDI'07, April 2007.
9. K.Kutzner and T. Fuhrmann, "Measuring large overlay networks - The overnet example", in Proceedings of KiVS2005, March 2005.
10. S.B.David, J.Gehrke and D.Kifer, "Detecting Change in Data Streams", in Proceedings of VLDB2004, Augest 2004.
11. T.Batu, L.Fortnow, R.Rubinfeld, W.D.Smith and P.White, "Testing that distributions are close", in Proceedings of FOCS2000, December 2000.
12. J.Goebel and T.Holz, "Rishi: Identify bot contaminated hosts by IRC nickname evaluation", in Proceedings of USENIX HotBots'07, April 2007.
13. J.R.Binkley and S.Singh, "An algorithm for anomaly-based botnet detection", in Proceedings of USENIX SRUTI'06, July 2006.
14. A.Karasaridis, B.Rexroad and D.Hoeflin, "Wide-scale botnet detection and characterization", in Proceedings of USENIX HotBots'07, April 2007.
15. G.F.Gu, R.Perdisci, J.J.Zhang and W.K.Lee, "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection", in Proceedings of USENIX Security'08, July 2008.
16. E.Cooke, F.Jahanian, and D.McPherson, "The zombie roundup: Understanding, detecting, and disrupting botnets", in Proceedings of USENIX SRUTI'05, July 2005.
17. J.GRizzard, V.Sharma, C.Nunnery, B.Kang, D.Dagon, "Peer-to-Peer Botnets: Overview and Case Study", in Proceedings of USENIX Hot-Bots'07, April 2007.
18. P.Porras, H.Saidi and V.Yegneswaran, "A Multi-perspective Analysis of the Storm(Peacomm) Worm", SRI International, Tech. Rep., October 2007.
19. F.Boldewin. (2007) Peacomm.C Cracking the Nut-shell. [Online]. Available: http://www.reconstructer.org/papers.html
20. E.Florio and M.Ciubotariu, "Peerbot:Catch me if you can", Symantec Security Response, Tech. Rep., April 2007.
21. T.Holz, M.Steiner, F.Dahl etc, "Measurements and Mitigation of Peerto-Peer-based Botnets:A Case Study on Storm Worm", in Proceedings of USENIX LEET'08, April 2008.
22. R.Schoff and R.Koning. (2007, February) Detecting peer-to-peer botnets. [Online]. Available: http://staff.science.uva.nl/ delaat/sne-2006-2007/p17/ report.pdf