Crawling Botnets

Shankar Karuppayah
Part of the SpringerBriefs on Cyber Security Systems and Networks book series (BRIEFSCSSN)


This chapter discusses in depth the challenges of monitoring P2P botnets with a crawler, as well as viable solutions for circumventing them. Specifically, the GameOver Zeus neighborlist restriction mechanism is elaborated and an algorithm to circumvent it is presented. Furthermore, an efficient crawling algorithm that aims at enumerating all bots with the minimum number of crawled nodes is also presented. Finally, to anticipate the advancement of future botnets, a lightweight crawler detection mechanism dubbed ‘BoobyTrap’ (BT) is proposed. All of the proposed works were evaluated on real-world datasets against state-of-the-art mechanisms, and the results are presented and discussed in this chapter. Among the presented results, a characterization of real-world crawlers detected via the BT mechanism is also included.



Copyright information

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd., part of Springer Nature 2018

Authors and Affiliations

National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, USM, Penang, Malaysia