Exploiting SIP for botnet communication

5th IEEE Workshop on Secure Network Protocols, NPSEC'09

Volumn , Issue , 2009, Pages 31-36

  Berger, Andreas ^a   Hefeeda, Mohamed ^b  

^a TELECOMMUNICATIONS RESEARCH CENTER VIENNA FTW   (Austria)

^b SIMON FRASER UNIVERSITY   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

BOTNETS; GENERIC SERVICES; INTERNET SERVICES; IP MULTIMEDIA SUBSYSTEMS; KEY COMPONENT; SESSION INITIATION PROTOCOL; SIP PROTOCOL; SOFTWARE TOOL; TELECOMMUNICATION PROVIDERS; TESTBED NETWORKS; TRAFFIC STATISTICS;

INTERNET; NETWORK SECURITY; TELECOMMUNICATION EQUIPMENT; TELECOMMUNICATION SERVICES; TELECOMMUNICATION TRAFFIC; TRAFFIC SURVEYS;

INTERNET PROTOCOLS;

EID: 74549211386     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NPSEC.2009.5342244     Document Type: Conference Paper

References (17)

1. S. Berinato, "How a bookmaker and a whiz kid took on a DDOS-based online extortion attack," May 2005. [Online]. Available: http://www.csoonline.com/article/220336/How-a-Bookmaker-and-a-Whiz-Kid-Took-On- a-DDOS-based-Online-Extortion-Attack
2. Y. Zhao, Y. Xie, F. Yu, Q. Ke, Y. Yu, Y. Chen, and E. Gillum, "BotGraph: large scale spamming botnet detection," in Proc. of the USENIX Symposium on Networked Systems Design and Implementation, Boston, MA, 2009.
3. D. Stutzbach and R. Rejaie, "Understanding churn in peer-to-peer networks," in Proc. of the ACM SIGCOMM Conference on Internet Measurement, Rio de Janeriro, Brazil, 2006, pp. 189-202.
4. J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, SIP: Session Initiation Protocol. IETF, RFC 3261.
5. G. Camarillo and M. Garcia-Martin, The 3G IP Multimedia Subsystem (IMS): Merging the Internet and the Cellular Worlds. John Wiley & Sons, Aug. 2004.
6. F. Dahl, "Der Storm-Worm," Master's thesis, University of Mannheim, Mar. 2008.
7. P. Maymounkov and D. Mazires, "Kademlia: A Peer-to-Peer information system based on the XOR metric," in Proc. of the International Workshop on Peer-to-Peer Systems. Cambridge, MA: Springer-Verlag, 2002, pp. 53-65.
8. "KadC - P2P library." [Online]. Available: http://kadc. sourceforge.net
9. A. Moizard, "The eXtended osip library." [Online]. Available: http://savannah.nongnu.org/projects/exosip
10. B. Campbell, J. Rosenberg, H. Schulzrinne, C. Huitema, and D. Gurle, Session Initiation Protocol (SIP) Extension for Instant Messaging. IETF, RFC 3428.
11. J. Rosenberg, A Presence Event Package for the Session Initiation Protocol (SIP). IETF, RFC 3856.
12. G. Boggia, P. Camarda, A. D'Alconzo, A. D. Biasi, and M. Siviero, "Drop call probability in established cellular networks: from data analysis to modelling," in Proc. of the Vehicular Technology Conference, vol. 5, Stockholm, Sweden, 2005, pp. 2775-2779.
13. W. Strayer, D. Lapsely, R. Walsh, and C. Livadas, Botnet Detection Based on Network Behavior, ser. Advances in Information Security. Springer-Verlag, 2008, vol. 36, pp. 1-24.
14. G. Gu, R. Perdisci, J. Zhang, and W. Lee, "BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection," in Proc. of the USENIX Security Symposium, San Jose, CA, 2008, pp. 139-154.
15. G. Gu, J. Zhang, and W. Lee, "BotSniffer: detecting botnet command and control channels in network traffic," in Proc. of the Network & Distributed System Security Symposium, San Diego, CA, 2008.
16. D. Dagon, C. Zou, and W. Lee, "Modeling botnet propagation using time zones," in Proc. of the Network and Distributed System Security Symposium, San Diego, CA, 2006.
17. T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling, "Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm," in Proc. of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats, San Francisco, California, 2008, pp. 1-9.