nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

01.12.2014

Tsunami: A parasitic, indestructible botnet on Kad

verfasst von: Ghulam Memon, Jun Li, Reza Rejaie

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 4/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

While current botnets rely on a central server or bootstrap nodes for their operations, in this paper we identify and investigate a new type of botnet, called Tsunami, in which no such bottleneck nodes exist. In particular, we study how a Tsunami botnet can build a parasitic relationship with a widely deployed P2P system, Kad, to successfully issue commands to its bots, launch various attacks, including distributed denial of service (DDoS) and spam, at ease, as well as receive responses from the bots. Our evaluation shows that in a Kad network with four million nodes, even with only 6 % nodes being Tsunami bots, Tsunami can reach 75 % of its bots in less than 4 min and receive responses from 99 % of bots. We further propose how we may defend against Tsunami and evaluate the defense solution.

Vorheriger Artikel P2P storage systems: Study of different placement policies

Nächster Artikel Peer-to-peer as an infrastructure service

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Alureon botnet. Website: http://arstechnica.com/security/news/2011/07/4-million-strong-alureon-botnet-practically-indestructable.ars

Analysis of phatbot. Website: http://www.secureworks.com/research/threats/phatbot/

emule. Website: http://www.emule-project.net

Machbot. Website: http://www.team-cymru.com/ReadingRoom/Whitepapers/2008/http-botnets.pdf

Chun B, Culler D, Roscoe T, Bavier A, Peterson L, Wawrzoniak M, Bowman M (2003) Planetlab: an overlay testbed for broad-coverage services. ACM SIGCOMM Comput Commun Rev 33(3):3–12

Dixon C, Anderson T, Krishnamurthy A (2008) Phalanx: withstanding multimillion-node botnets. In: NSDI’08: proceedings of the 5th USENIX symposium on networked systems design and implementation. USENIX Association, Berkeley, pp 45–58

Grizzard JB, Sharma V, Nunnery C, Kang BB, Dagon D (2007) Peer-to-peer botnets: overview and case study. In: Proceedings of the first conference on first workshop on hot topics in understanding botnets. USENIX Association, Berkeley, pp 1–1. http://dl.acm.org/citation.cfm?id=1323128.1323129

Holz T, Steiner M, Dahl F, Biersack E, Freiling F (2008) Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. In: LEET’08: proceedings of the 1st usenix workshop on large-scale exploits and emergent threats. USENIX Association, Berkeley, pp 1–9

Kanich C, Kreibich C, Levchenko K, Enright B, Voelker GM, Paxson V, Savage S (2008) Spamalytics: an empirical analysis of spam marketing conversion. In: CCS ’08: proceedings of the 15th ACM conference on computer and communications security. ACM, New York, pp 3–14. http://doi.acm.org/10.1145/1455770.1455774

10.

Maymounkov P, Mazières D (2002) Kademlia: a peer-to-peer information system based on the xor metric. In: IPTPS ’01: revised papers from the first international workshop on peer-to-peer systems. Springer-Verlag, London, pp 53–65

11.

Memon G, Rejaie R, Guo Y, Stutzbach D (2009) Large-scale monitoring of dht traffic. In: IPTPS ’09: proceedings of the 8th international workshop on peer-to-peer systems. http://www.usenix.org/events/iptps09/tech/full_papers/memon/memon.pdf

12.

Memon G, Rejaie R, Guo Y, Stutzbach D (2011) Montra: a large–scale dht traffic monitor. Comput Netw 56(3):1080–1091

13.

Rajab MA, Zarfoss J, Monrose F, Terzis A (2006) A multifaceted approach to understanding the botnet phenomenon. In: IMC ’06: proceedings of the 6th ACM SIGCOMM conference on internet measurement. ACM, New York, pp 41–52. http://doi.acm.org/10.1145/1177080.1177086

14.

Ripeanu M (2001) Peer-to-peer architecture case study: Gnutella network. In: First international conference on peer-to-peer computing. Proceedings, IEEE, pp 99–100

15.

Rowstron AIT, Druschel P (2001) Pastry: scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In: Middleware ’01: proceedings of the IFIP/ACM international conference on distributed systems platforms Heidelberg. Springer-Verlag, London, pp 329–350

16.

Steiner M, Carra D, Biersack EW (2008) Faster content access in kad. In: P2P 2008, 8th IEEE international conference on peer-to-peer computing, Aachen. doi:10.1109/P2P.2008.28

17.

Stoica I, Morris R, Karger D, Kaashoek MF, Balakrishnan H (2001) Chord: a scalable peer-to-peer lookup service for internet applications. In: SIGCOMM ’01: proceedings of the 2001 conference on applications, technologies, architectures, and protocols for computer communications. ACM, New York, pp 149–160. http://doi.acm.org/10.1145/383059.383071

18.

Stone-Gross B, Cova M, Cavallaro L, Gilbert B, Szydlowski M, Kemmerer R, Kruegel C, Vigna G (2009) Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM conference on computer and communications security. ACM, pp 635–647

19.

Stover S, Dittrich D, Hernandez J, Dietrich S (2007) Analysis of the Storm and Nugache Trojans: P2P Is Here. ;login: The USENIX Magazine 32(6): 18–27. http://www.usenix.org/publications/login/2007-12/pdfs/stover.pdf

20.

Stutzbach D, Rejaie R (2006) Understanding churn in peer-to-peer networks. In: IMC ’06: Proceedings of the 6th ACM SIGCOMM conference on internet measurement. ACM, New York, pp 189–202. http://doi.acm.org/10.1145/1177080.1177105

21.

Wang P, Sparks S, Zou CC (2007) An advanced hybrid peer-to-peer botnet. In: HotBots’07: proceedings of the first conference on first workshop on hot topics in understanding botnets. USENIX Association, Berkeley

22.

Zhao BY, Kubiatowicz JD, Joseph AD (2001) Tapestry: an infrastructure for fault-tolerant wide-area location and Tech. rep., Berkeley

Titel: Tsunami: A parasitic, indestructible botnet on Kad
verfasst von: Ghulam Memon
Jun Li
Reza Rejaie
Publikationsdatum: 01.12.2014
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 4/2014
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-013-0202-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2014

A novel method of mining network flow to detect P2P botnets

Group formation with neighbor similarity trust in P2P E-commerce

Security analysis of block cipher Piccolo suitable for wireless sensor networks

Router architecture evaluation for security network

On the collaboration of different peer-to-peer traffic management schemas

The performance and locality tradeoff in bittorrent-like file sharing systems

Premium Partner