Analysis of Peer-to-Peer Botnet Attacks and Defenses
2015; Springer Nature; Language: English
DOI: 10.1007/978-3-319-15916-4_8
ISSN: 1868-4408
Authors: Ping Wang, Lei Wu, Baber Aslam, Cliff C. Zou
Topic(s): Internet Traffic Analysis and Secure E-voting
Abstract: A "botnet" is a network of computers that are compromised and controlled by an attacker (botmaster). Botnets are one of the most serious threats to today's Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Due to the distributive nature of P2P networks, P2P botnets are more resilient to defense countermeasures. In this chapter, first we systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction, C&C communication mechanisms/protocols, and mitigation approaches. Then we provide mathematical analysis of two P2P botnet elimination approaches—index poisoning defense and Sybil defense, and one P2P botnet monitoring technique—passive monitoring based on infiltrated honeypots or captured bots. Simulation experiments show that our mathematical analysis is accurate.