towards complete node enumeration in a peer-to-peer botnet

Report

Post on 07-Jan-2016

31 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

DESCRIPTION

Towards Complete Node Enumeration in a Peer-to-Peer Botnet. REFERENCES. Towards complete node enumeration in a peer-to-peer botnet - PowerPoint PPT Presentation

TRANSCRIPT

Towards Complete Node Enumeration in

a Peer-to-Peer Botnet

REFERENCES Towards complete node enumeration

in a peer-to-peer botnet B. Kang, E. Chan-Tin, C. Lee, J. Tyra, H. Kang, C. Nunnery, Z. Wadler,

G. Sinclair, N. Hopper, D. Dagon, and Y. Kim.. In ACM Symposium on Information, Computer & Communication Security (ASIACCS 2009), 2009.

INTRODUCTIONPPM-Passive P2P Monitor -collection of a “routing only” nodes in the P2P

networkFWC-FireWall Checker -send back two query packets one from the

sensor and one from another IPStorm Botnet -Overnet ProtocolCrawler -sending look-up requests -get-peerlist protocol

ARCHITECTUREExpected Problems and Fixes -PPM cannot identify a new node, if Storm

botnet does not send messages to it -PPMis its lack of source address spoofing detection

ARCHITECTUREImplementation Details1. A Storm node in the bot network sends a request to one

of our PPM

2. PPM replies to the request and sends another request to that Storm node

2’. At the same time, PPM also sends a message to FWC telling it to send a similar request to that Storm node

2”. Upon receiving this message, FWC sends a request to the same Storm node (same request that PPMsent to that Storm node).

ANALYTICAL AND EXPERIMENTAL RESULTSExperimental Settings -PPM nodes, the FWC, and a P2P network

crawler -deployed 256 PPM nodes -collected from 20 days -deployed 16 virtual machines infected

each of them with Storm

ANALYTICAL AND EXPERIMENTAL RESULTS

ANALYTICAL AND EXPERIMENTAL RESULTS

ANALYTICAL AND EXPERIMENTAL RESULTS

ANALYTICAL AND EXPERIMENTAL RESULTS

ANALYTICAL AND EXPERIMENTAL RESULTSProbability of PPM receiving a random

message-Search is a message used in routing to find

the replica roots- GetSearchResult is a message sent to

possible replica roots to get the actual result

-Publish is a message meant to publish binding information

ANALYTICAL AND EXPERIMENTAL RESULTS

ANALYTICAL AND EXPERIMENTAL RESULTS

ANALYTICAL AND EXPERIMENTAL RESULTS

ANALYTICAL AND EXPERIMENTAL RESULTS

CONCLUSIONPPM as an enumeration method for the

Storm peer-to-peer botnet is efficientanalyzed the differences in enumeration results from the PPM and a crawler

top related

les nouveaux «pare » intégrés et l‟utilisation des...
Documents
roadrunners botnet
Documents
botnet tutorial
Documents
measurement and analysis of hajime, a peer-to-peer iot...
Documents
botnet ppt
Documents
your botnet is my botnet: analysis of a botnet...
Documents
improve ddos botnet tracking with honeypots - …...ddos...
Documents
botnet architecture
Technology
your botnet is my botnet: analysis of a botnet takeover ·...
Documents
anatomy of a botnet - تواناanatomy of a botnet 1...
Documents
big data analytics framework for peer-to-peer botnet ... ·...
Documents
your botnet is my botnet: analysis of a botnet...
Documents
botnet infiltration
Documents
measurement and analysis of hajime, a peer-to-peer iot...
Documents
your botnet is my botnet : analysis of a botnet ...
Documents
study of peer-to-peer network based cybercrime ... · study...
Documents
analysis of a ``/0'' stealth scan from a botnet ·...
Documents
peer to peer botnet detection based on flow intervals to...
Documents
your botnet is my botnet: analysis of a botnet takeoverwhile...
Documents
an evaluation model of botnet based on peer to peer
Documents