An Advanced Hybrid Peer-to-Peer Botnet

Cited by: 107
Authors
Wang, Ping [1]
Sparks, Sherri [1]
Zou, Cliff C. [1]
Affiliation
[1] Univ Cent Florida, Sch Elect Engn & Comp Sci, Orlando, FL 32816 USA
Funding
National Science Foundation (USA);
Keywords
Botnet; peer-to-peer; robustness; honeypot;
DOI
10.1109/TDSC.2008.35
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
A "botnet" consists of a network of compromised computers controlled by an attacker ("botmaster"). Recently, botnets have become the root cause of many Internet attacks. To be well prepared for future attacks, it is not enough to study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be developed by botmasters in the near future. In this paper, we present the design of an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and hijacked. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and recovery by its botmaster. In the end, we suggest and analyze several possible defenses against this advanced botnet.
Pages: 113-127
Page count: 15