Abstract
Most cyber attacks are carried out using botnets: collections of vulnerable machines infected with malware and controlled by a botmaster via a Command and Control (C2) server. Traditional botnets use a centralized architecture for communication between the botmaster and its bots. Hence, if such a C2 server is taken down, the botmaster can no longer communicate with its bots. Recent P2P-based botnets, e.g., GameOver Zeus, Sality, and ZeroAccess, adopt a distributed architecture and establish a communication overlay between participating bots. All existing (counter-)attacks against P2P botnets require details such as the botnet population size and the connectivity graph among the bots. As a consequence, monitoring such botnets is an important task for analysts. However, botmasters often attempt to impede the performance of monitoring mechanisms, as seen with the introduction of an automated blacklisting mechanism in GameOver Zeus and a local reputation mechanism in Sality. Some of the anti-monitoring mechanisms proposed and deployed so far are still in their infancy, but it is just a matter of time before advanced countermeasures are introduced. This chapter provides an overview of the topic and of the overall contribution, as well as an outlook for the entire book.
Copyright information
© 2018 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd., part of Springer Nature
About this chapter
Cite this chapter
Karuppayah, S. (2018). Introduction. In: Advanced Monitoring in P2P Botnets. SpringerBriefs on Cyber Security Systems and Networks. Springer, Singapore. https://doi.org/10.1007/978-981-10-9050-9_1
DOI: https://doi.org/10.1007/978-981-10-9050-9_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-9049-3
Online ISBN: 978-981-10-9050-9
eBook Packages: Computer Science; Computer Science (R0)