About this book

This book presents current research in the area of advanced monitoring in P2P botnets and uses a dual-perspective approach to discuss aspects of botnet monitoring in depth. First, from the perspective of a defender, e.g. a researcher, it introduces advanced approaches to monitoring botnets successfully, taking the botnets' current anti-monitoring mechanisms into consideration. Then, adopting a botmaster's perspective to anticipate the advances in future botnets, it introduces advanced measures to detect and prevent monitoring activities. All the proposed methods were evaluated either using real-world data or in a simulation scenario. In addition to providing readers with an in-depth understanding of P2P botnets, the book also analyzes the implications of the various design choices of recent botnets for monitoring them effectively. It serves as an excellent introduction for new researchers and provides a useful review for specialists in the field.



Chapter 1. Introduction

Most cyber attacks are carried out using botnets: collections of compromised machines, infected with malware, that a botmaster controls via a Command and Control (C2) server. Traditional botnets use a centralized architecture for the communication between the botmaster and its bots, so taking down the C2 server cuts the botmaster off from its bots. Recent P2P-based botnets, e.g., GameOver Zeus, Sality, and ZeroAccess, adopt a distributed architecture and establish a communication overlay among the participating bots. All existing (counter)attacks against P2P botnets require details such as the botnet population size and the connectivity graph among the bots; monitoring such botnets is therefore an important task for analysts. However, botmasters often attempt to impede the performance of monitoring mechanisms, as the automated blacklisting mechanism introduced in GameOver Zeus and the local reputation mechanism in Sality show. Some of the proposed and deployed anti-monitoring mechanisms are still in their infancy, but it is only a matter of time before more advanced countermeasures are introduced. This chapter provides an overview of the topic and the overall contributions, as well as an outlook for the entire book.
Shankar Karuppayah

Chapter 2. Requirements and State of the Art

P2P botnet monitoring is not new; it has been practised for a number of years. However, few guidelines exist on how to conduct botnet monitoring efficiently. This chapter addresses this gap by providing a detailed set of requirements for a botnet monitoring mechanism. In addition, it introduces a formal model of P2P botnets that is used throughout the remaining chapters of this book. Finally, it provides a thorough analysis of the state of the art in botnet monitoring, including the challenges that stem from the dynamic nature of the P2P network as well as the anti-monitoring countermeasures that botmasters deploy to impede monitoring activities.
Shankar Karuppayah

Chapter 3. The Anatomy of P2P Botnets

This chapter provides an in-depth analysis of the anatomy of the three P2P botnets this book focuses on: GameOver Zeus, Sality and ZeroAccess. The analysis is based partly on the author's own reverse-engineering work and partly on the work of collaborators who have thoroughly studied botnets such as GameOver Zeus. Besides explaining the inner workings of each botnet's membership management mechanism, the chapter also describes the anti-monitoring mechanisms the botnets employ to impede monitoring attempts. The information in this chapter is not only needed for the remainder of the book but also gives readers a glimpse of the advancements in existing botnets.
Shankar Karuppayah

Chapter 4. Crawling Botnets

This chapter discusses in depth the challenges of monitoring P2P botnets with a crawler, as well as viable solutions to circumvent them. Specifically, the GameOver Zeus neighborlist restriction mechanism is elaborated and an algorithm to circumvent it is presented. Furthermore, an efficient crawling algorithm that aims to enumerate all bots with the minimum number of crawled nodes is presented. Finally, to anticipate the advancement of future botnets, a lightweight crawler detection mechanism dubbed 'BoobyTrap' (BT) is proposed. All proposed works were evaluated against state-of-the-art mechanisms using real-world datasets, and the results are presented and discussed in this chapter, including a characterization of the real-world crawlers detected via the BT mechanism.
Shankar Karuppayah

Chapter 5. Deployment of Sensor Nodes in Botnets

This chapter discusses in depth the challenges of monitoring P2P botnets with sensors, as well as viable solutions to circumvent them. Most related work holds that sensors are difficult to detect because of their passive nature. Despite that, this chapter presents three novel sensor detection mechanisms based on graph-theoretic approaches. These detection mechanisms were compared and evaluated using real-world datasets. The results indicate that, if botmasters deploy the proposed mechanisms, existing types of sensors are easily detected. To give the upper hand back to defenders, the chapter also discusses the steps needed to circumvent the proposed mechanisms.
Shankar Karuppayah
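The two chapter abstracts above describe crawlers that must work around neighborlist restrictions and graph-theoretic detection of passive sensors, but the abstracts give neither algorithm. The following Python simulation is an added illustration written for this page; it is not code from the book, its author, or the botnets analysed. It assumes a constructed overlay (OVERLAY), a simplified rotating per-request neighborlist limit (RestrictedPeer, not the GameOver Zeus scheme) and a hypothetical out-degree heuristic for flagging sensor candidates; the node names and the NAT-bot "N" are constructed.

```python
from collections import deque

# Constructed example overlay (not real botnet data): each bot maps to the peers
# it hands out on a neighbourlist request.  "S1" and "S2" model passive sensor
# nodes: bots know them, but they never hand out peers themselves.  "N" models
# a bot behind NAT: other bots list it, but a crawler cannot reach it.
OVERLAY = {
    "A": {"B", "C", "S1"},
    "B": {"A", "D", "S1", "S2"},
    "C": {"A", "E", "N"},
    "D": {"B", "E", "S2"},
    "E": {"C", "D", "N", "S1"},
    "S1": set(),
    "S2": set(),
}


class RestrictedPeer:
    """A bot that answers each neighbourlist request with at most `limit`
    entries, rotating through its list.  This is an assumed, simplified form of
    neighbourlist restriction for illustration, not the GameOver Zeus scheme."""

    def __init__(self, neighbours, limit):
        self.neighbours = sorted(neighbours)
        self.limit = limit
        self.cursor = 0

    def request_neighbours(self):
        n = len(self.neighbours)
        if n == 0:
            return []
        chunk = [self.neighbours[(self.cursor + i) % n]
                 for i in range(min(self.limit, n))]
        self.cursor = (self.cursor + self.limit) % n
        return chunk


def crawl(overlay, seed, limit=2, max_requests_per_peer=5):
    """Defender side: breadth-first crawl that re-queries each reachable peer
    until a reply adds nothing new (or the cap is hit), so the per-request limit
    does not hide part of its neighbourlist.  Returns the observed directed
    graph {node: set(peers it reported)} and the number of requests sent."""
    peers = {node: RestrictedPeer(nb, limit) for node, nb in overlay.items()}
    edges = {}
    requests = 0
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if node in edges:
            continue
        edges[node] = set()
        if node not in peers:            # unreachable: one failed request
            requests += 1
            continue
        for _ in range(max_requests_per_peer):
            reply = peers[node].request_neighbours()
            requests += 1
            new = set(reply) - edges[node]
            edges[node].update(new)
            if not new:
                break
        queue.extend(sorted(edges[node] - set(edges)))
    return edges, requests


def suspect_sensors(edges, min_listed=2):
    """Botmaster side: an illustrative graph heuristic (not the book's detection
    mechanisms).  A node that at least `min_listed` bots list, but that never
    hands out a single peer, is suspicious, because a real bot must share its
    neighbourlist to keep the overlay connected.  Caveat: an unreachable bot
    (NAT, offline) looks identical, so this yields candidates, not proof."""
    listed_by = {}
    for src, dsts in edges.items():
        for dst in dsts:
            listed_by[dst] = listed_by.get(dst, 0) + 1
    return sorted(node for node, count in listed_by.items()
                  if count >= min_listed and not edges.get(node))


if __name__ == "__main__":
    observed, sent = crawl(OVERLAY, "A")
    print(f"crawled {len(observed)} nodes with {sent} requests")
    print("suspected sensors:", suspect_sensors(observed))
```

On this constructed overlay the crawl reaches all eight nodes with 18 requests, and the heuristic flags S1 and S2 together with N. N is the false positive a practitioner should expect: a bot that is merely unreachable is indistinguishable, in the neighborlist graph alone, from a sensor that deliberately never shares peers, which is why any such graph-based candidate list needs further corroboration before a botmaster (or a defender anticipating one) acts on it.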

Chapter 6. Conclusion and Outlook

This chapter concludes the book with a recapitulation of all contributions in the domain of advanced P2P botnet monitoring. It also provides an outlook on the direction of future botnet monitoring as a guide for readers.
Shankar Karuppayah

Erratum to: Advanced Monitoring in P2P Botnets

Shankar Karuppayah