Friends of an enemy: Identifying local members of peer-to-peer botnets using mutual contacts

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2010, Pages 131-140

  Coskun, Baris ^a   Dietrich, Sven ^b   Memon, Nasir ^c  

^a AT AND T LABS RESEARCH   (United States)

^b STEVENS INSTITUTE OF TECHNOLOGY   (United States)

^c NEW YORK UNIVERSITY   (United States)

Author keywords

IDS; network security; P2P botnet

Indexed keywords

BOTNET; DISTRIBUTED COMPUTER SYSTEMS; ITERATIVE METHODS; PEER TO PEER NETWORKS;

BOTNETS; HIGH PROBABILITY; IDS; LOWER PROBABILITIES; MALICIOUS BEHAVIOR; NETWORKS SECURITY; P2P BOTNET; PEER TO PEER; PEER TO PEER (P2P); SIMPLE METHOD;

NETWORK SECURITY;

EID: 78751473146     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1920261.1920283     Document Type: Conference Paper

References (33)

1. R. Bhagwan, S. Savage, and G. M. Voelker. Understanding availability. In The 2nd International Workshop on Peer-to-peer systems, 2003.
2. J. R. Binkley and S. Singh. An algorithm for anomaly-based botnet detection. In SRUTI'06: Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, 2006.
3. J. Caballero, P. Poosankam, C. Kreibich, and D. Song. Dispatcher: Enabling active botnet infiltration using automatic protocol reverse-engineering. In Proceedings of the 16th ACM Conference on Computer and Communication Security, Chicago, IL, November 2009.
4. CERT Coordination Center. SiLK: System for internet-level knowledge. Available at http://tools.netsa.cert.org/silk/.
5. D. R. Choffnes, J. Duch, D. Malmgren, R. Guierma, F. E. Bustamante, and L. Amaral. Swarmscreen: Privacy through plausible deniability in P2P systems. Technical report, Northwestern EECS Technical Report, March 2009.
6. D. Dagon, G. Gu, C. Lee, and W. Lee. A taxonomy of botnet structures. In Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07), December 2007.
7. L. K. Dawn and D. Song. Privacy-preserving set operations. In in Advances in Cryptology - CRYPTO 2005, LNCS, pages 241-257, 2005.
8. D. Dittrich and S. Dietrich. Discovery techniques for P2P botnets. In Stevens Institute of Technology CS Technical Report 2008-4, September 2008.
9. D. Dittrich and S. Dietrich. New directions in peer-to-peer malware. In Sarnoff Symposium, 2008 IEEE, April 2008.
10. D. Dittrich and S. Dietrich. P2P as botnet command and control: A deeper insight. In MALWARE 2008. 3rd International Conference on Malicious and Unwanted Software, 2008.
11. P. Erdos and A. Renyi. On random graphs I. Publ. Math. Debrecen 6, pages 290-297, 1959.
12. P. Erdos and A. Renyi. The evolution of random graphs. Magyar Tud. Akad. Mat. Kutato Int. Kozl 5, pages 17-61, 1960.
13. J. Goebel and T. Holz. Rishi: identify bot contaminated hosts by IRC nickname evaluation. In HotBots'07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, 2007.
14. J. B. Grizzard, V. Sharma, C. Nunnery, B. B. Kang, and D. Dagon. Peer-to-peer botnets: overview and case study. In HotBots'07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, 2007.
15. G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In Proceedings of the 17th USENIX Security Symposium (Security'08), 2008.
16. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting malware infection through ids-driven dialog correlation. In Proceedings of the 16th USENIX Security Symposium (Security'07), August 2007.
17. G. Gu, J. Zhang, and W. Lee. BotSniffer: Detecting botnet command and control channels in network traffic. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), February 2008.
18. T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling. Measurements and mitigation of peer-to-peer-based botnets: a case study on Storm Worm. In LEET'08: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, 2008.
19. M. Iliofotou, P. Pappu, M. Faloutsos, M. Mitzenmacher, S. Singh, and G. Varghese. Network monitoring using traffic dispersion graphs (TDGs). In IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pages 315-320, 2007.
20. M. Jelasity and V. Bilicki. Towards automated detection of peer-to-peer botnets: On the limits of local approaches. In Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats LEET'09, April 2009.
21. B. B. Kang, E. Chan-Tin, C. P. Lee, J. Tyra, H. J. Kang, C. N. Z. Wadler, G. Sinclair, N. Hopper, D. Dagon, and Y. Kim. Towards complete node enumeration in a peer-to-peer botnet. In Proceedings of ACM Symposium on Information, Computer and Communications Security (ASIACCS 2009), March 2009.
22. C. Kanich, K. Levchenko, B. Enright, G. M. Voelker, and S. Savage. The Heisenbot uncertainty problem: challenges in separating bots from chaff. In LEET'08: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, pages 1-9, 2008.
23. A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In HotBots'07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, 2007.
24. S. Kondo and N. Sato. Botnet traffic detection techniques by C&C session classification using svm. Advances in Information and Computer Security, pages 91-104, 2007.
25. C. Livadas, R. Walsh, D. Lapsley, and W. Strayer. Using machine learning technliques to identify botnet traffic. Local Computer Networks, Annual IEEE Conference on, 0:967-974, 2006.
26. S. Nagaraja, P. Mittal, C.-Y. Hong, M. Caesar, and N. Borisov. BotGrep: Finding P2P bots with structured graph analysis. In USENIX Security Conference, August 2010.
27. P. Porras, H. Saidi, and V. Yegneswaran. Conficker C P2P Protocol and Implementation, September 2009. http://mtc.sri.com/Conficker/P2P/.
28. G. Sinclair, C. Nunnery, and B.-H. Kang. The waledac protocol: The how and why. In Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on, pages 69-77, October 2009.
29. E. Stinson and J. C. Mitchell. Towards systematic evaluation of the evadability of bot/botnet detection methods. In WOOT'08: Proceedings of the 2nd conference on USENIX Workshop on offensive technologies, 2008.
30. S. Stover, D. Dittrich, J. Hernandez, and S. Dietrich. Analysis of the storm and nugache trojans: P2P is here. In ;login: The USENIX Magazine, volume 32-6, December 2007.
31. W. Strayer, R. Walsh, C. Livadas, and D. Lapsley. Detecting botnets with tight command and control. Local Computer Networks, Annual IEEE Conference on, 0:195-202, 2006.
32. The Honeynet Project. Honeywall, 2009. https://projects.honeynet.org/ honeywall/.
33. T.-F. Yen and M. K. Reiter. Traffic aggregation for malware detection. In DIMVA '08: Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 207-227, 2008.