Revisiting Botnet Models and Their Implications for Takedown Strategies

Yen, Ting-Fang; Reiter, Michael K.

doi:10.1007/978-3-642-28641-4_14

Cited by 9 publications

(11 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We find that most botnet takedowns have limited and transient impacts on global wickedness. This result agrees with other research, which found that botnets are surprisingly resilient [81], and in many cases recover after a short time [54]. Other work has modeled malicious websites, noting the high variance of cybersecurity data, and investigates interventions through modeling [13].…”

Section: Related Worksupporting

confidence: 90%

Analyzing and Modeling Longitudinal Security Data

Edwards¹,

Hofmeyr

Forrest

et al. 2015

Proceedings of the 31st Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Many cybersecurity problems occur on a worldwide scale, but we lack rigorous methods for determining how best to intervene and mitigate damage globally, both short-and long-term. Analysis of longitudinal security data can provide insight into the effectiveness and differential impacts of security interventions on a global level. In this paper we consider the example of spam, studying a large high-resolution data set of messages sent from 260 ISPs in 60 countries over the course of a decade. The statistical analysis is designed to avoid common pitfalls that could lead to erroneous conclusions. We show how factors such as geography, national economics, Internet connectivity and traffic flow impact can affect local spam concentrations. Additionally, we present a statistical model to study temporal transitions in the dataset, and we use a simple extension of the model to investigate the effect of historical botnet takedowns on spam levels. We find that in aggregate most historical takedowns are beneficial in the short-term, but few have long-term impact. Further, even when takedowns are effective globally, they can be detrimental in specific geographic regions or countries. The analysis and modeling described here are based on a single data set. However, the techniques are general and could be adapted to other data sets to help improve decision making about when and how to deploy security interventions.

show abstract

Section: Related Worksupporting

confidence: 90%

Analyzing and Modeling Longitudinal Security Data

Edwards¹,

Hofmeyr

Forrest

et al. 2015

Proceedings of the 31st Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…Davis et al used graph simulations to analyze the impact of bot disinfections on the communication effectiveness of P2P botnets [5]. Recently Yen and Reiter discussed the role of assortative mixing in P2P botnets and its consequences for network resilience and recovery [33]. However, to the best of our knowledge, our work is the first to introduce formal definitions for the systematization of attacks against P2P botnets.…”

Section: Related Workmentioning

confidence: 99%

SoK: P2PWNED - Modeling and Evaluating the Resilience of Peer-to-Peer Botnets

Rossow¹,

Andriesse

Werner³

et al. 2013

2013 IEEE Symposium on Security and Privacy

141

122

View full text Add to dashboard Cite

Centralized botnets are easy targets for takedown efforts by computer security researchers and law enforcement. Thus, botnet controllers have sought new ways to harden the infrastructures of their botnets. In order to meet this objective, some botnet operators have (re)designed their botnets to use Peer-to-Peer (P2P) infrastructures. Many P2P botnets are far more resilient to takedown attempts than centralized botnets, because they have no single points of failure. However, P2P botnets are subject to unique classes of attacks, such as node enumeration and poisoning. In this paper, we introduce a formal graph model to capture the intrinsic properties and fundamental vulnerabilities of P2P botnets. We apply our model to current P2P botnets to assess their resilience against attacks. We provide assessments on the sizes of all eleven active P2P botnets, showing that some P2P botnet families contain over a million bots. In addition, we have prototyped several mitigation strategies to measure the resilience of existing P2P botnets. We believe that the results from our analysis can be used to assist security researchers in evaluating mitigation strategies against current and future P2P botnets.

show abstract

“…3. Reports from academia and industry have long warned of the high resilience potential of peer-to-peer botnets [4,5,7,19,20]. Through our analysis of the communication protocol and resilience mechanisms of P2P Zeus, we show that highly resilient P2P botnets are now a very real threat.…”

Section: Introductionmentioning

confidence: 93%

Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus

Andriesse¹,

Rossow²,

Stone-Gross³

et al. 2013

2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE)

View full text Add to dashboard Cite

Zeus is a family of credential-stealing trojans which originally appeared in 2007. The first two variants of Zeus are based on centralized command servers. These command servers are now routinely tracked and blocked by the security community. In an apparent effort to withstand these routine countermeasures, the second version of Zeus was forked into a peer-to-peer variant in September 2011. Compared to earlier versions of Zeus, this peer-to-peer variant is fundamentally more difficult to disable. Through a detailed analysis of this new Zeus variant, we demonstrate the high resilience of state of the art peer-to-peer botnets in general, and of peer-to-peer Zeus in particular.

show abstract

Revisiting Botnet Models and Their Implications for Takedown Strategies

Cited by 9 publications

References 38 publications

Analyzing and Modeling Longitudinal Security Data

Analyzing and Modeling Longitudinal Security Data

SoK: P2PWNED - Modeling and Evaluating the Resilience of Peer-to-Peer Botnets

Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus

Contact Info

Product

Resources

About