Towards Complete Node Enumeration in a Peer-to-Peer Botnet

16
Towards Complete Node Enumeration in a Peer-to-Peer Botnet

description

Towards Complete Node Enumeration in a Peer-to-Peer Botnet. REFERENCES. Towards complete node enumeration in a peer-to-peer botnet - PowerPoint PPT Presentation

Transcript of Towards Complete Node Enumeration in a Peer-to-Peer Botnet

Page 1: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

Towards Complete Node Enumeration in

a Peer-to-Peer Botnet

Page 2: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

REFERENCES Towards complete node enumeration

in a peer-to-peer botnet B. Kang, E. Chan-Tin, C. Lee, J. Tyra, H. Kang, C. Nunnery, Z. Wadler,

G. Sinclair, N. Hopper, D. Dagon, and Y. Kim.. In ACM Symposium on Information, Computer & Communication Security (ASIACCS 2009), 2009.

Page 3: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

INTRODUCTIONPPM-Passive P2P Monitor -collection of a “routing only” nodes in the P2P

networkFWC-FireWall Checker -send back two query packets one from the

sensor and one from another IPStorm Botnet -Overnet ProtocolCrawler -sending look-up requests -get-peerlist protocol

Page 4: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ARCHITECTUREExpected Problems and Fixes -PPM cannot identify a new node, if Storm

botnet does not send messages to it -PPMis its lack of source address spoofing detection

Page 5: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ARCHITECTUREImplementation Details1. A Storm node in the bot network sends a request to one

of our PPM

2. PPM replies to the request and sends another request to that Storm node

2’. At the same time, PPM also sends a message to FWC telling it to send a similar request to that Storm node

2”. Upon receiving this message, FWC sends a request to the same Storm node (same request that PPMsent to that Storm node).

Page 6: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTSExperimental Settings -PPM nodes, the FWC, and a P2P network

crawler -deployed 256 PPM nodes -collected from 20 days -deployed 16 virtual machines infected

each of them with Storm

Page 7: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 8: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 9: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 10: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 11: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTSProbability of PPM receiving a random

message-Search is a message used in routing to find

the replica roots- GetSearchResult is a message sent to

possible replica roots to get the actual result

-Publish is a message meant to publish binding information

Page 12: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 13: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 14: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 15: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

ANALYTICAL AND EXPERIMENTAL RESULTS

Page 16: Towards Complete Node Enumeration in a Peer-to-Peer Botnet

CONCLUSIONPPM as an enumeration method for the

Storm peer-to-peer botnet is efficientanalyzed the differences in enumeration results from the PPM and a crawler


Visionary Session - SafePlus Live San Diego 2015...Visionary Session: Self-Learning Networks JP Vasseur, ... Evolution of C&C using Peer to Peer network ... controlled by the botnet

Visionary Session - SafePlus Live San Diego 2015...Visionary Session: Self-Learning Networks JP Vasseur, ... Evolution of C&C using Peer to Peer network ... controlled by the botnet

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet€¦ · Time (20-minute bins) atk.mipseb update.i.mipseb update. How big is Hajime? 0K 10K 20K 30K 40K 50K 60K 70K 80K

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet€¦ · Time (20-minute bins) atk.mipseb update.i.mipseb update. How big is Hajime? 0K 10K 20K 30K 40K 50K 60K 70K 80K

Analysis of Peer-to-Peer Botnet Attacks and Defensesczou/research/Chapter-analyze... · 2014. 11. 7. · life cycle of P2P botnets, which is composed of three stages. Upon our understand-ing

Analysis of Peer-to-Peer Botnet Attacks and Defensesczou/research/Chapter-analyze... · 2014. 11. 7. · life cycle of P2P botnets, which is composed of three stages. Upon our understand-ing

Peer to Peer Botnet Detection Based on Flow Intervals to Peer Botnet Detection Based on Flow Intervals David Zhao 1, Issa Traore , ... life. Furthermore, detection based on network

Peer to Peer Botnet Detection Based on Flow Intervals to Peer Botnet Detection Based on Flow Intervals David Zhao 1, Issa Traore , ... life. Furthermore, detection based on network

Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnetdml/papers/hajime_ndss19.pdfMeasurement and Analysis of Hajime, a Peer-to-peer IoT Botnet Stephen Herwig 1Katura Harvey;2George

Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnetdml/papers/hajime_ndss19.pdfMeasurement and Analysis of Hajime, a Peer-to-peer IoT Botnet Stephen Herwig 1Katura Harvey;2George

An Evaluation model of botnet based on peer to peer Gao Jian KangFeng ZHENG,YiXian Yang,XinXin Niu 2012 Fourth International Conference on Computational.

An Evaluation model of botnet based on peer to peer Gao Jian KangFeng ZHENG,YiXian Yang,XinXin Niu 2012 Fourth International Conference on Computational.

Botnet Classification

Botnet Classification

Peer-to-Peer Botnet Detection Using NetFlowdelaat.net/rp/2013-2014/p65/presentation.pdf · Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Peer-to-Peer Botnet Detection Using NetFlowdelaat.net/rp/2013-2014/p65/presentation.pdf · Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Anatomy of a Botnet - تواناAnatomy of a Botnet 1 Executive Summary ... Fueled by innovations like do-it-yourself botnet construction kits and rent-a-botnet business models, the

Anatomy of a Botnet - تواناAnatomy of a Botnet 1 Executive Summary ... Fueled by innovations like do-it-yourself botnet construction kits and rent-a-botnet business models, the

Big Data Analytics framework for Peer-to-Peer Botnet ... · Big Data Analytics framework for Peer-to-Peer Botnet detection using Random Forests ... Botnet detection Machine learning

Big Data Analytics framework for Peer-to-Peer Botnet ... · Big Data Analytics framework for Peer-to-Peer Botnet detection using Random Forests ... Botnet detection Machine learning

Analysis of Peer-to-Peer Botnet Attacks and Defensesczou/research/Chapter-analyze-botnet.pdf · 2014-11-07 · mail: lwu4@ncsu.edu Baber Aslam National University of Sciences & Technology,

Analysis of Peer-to-Peer Botnet Attacks and Defensesczou/research/Chapter-analyze-botnet.pdf · 2014-11-07 · mail: [email protected] Baber Aslam National University of Sciences & Technology,

Network Based Peer-To-Peer Botnet Detection - irjet.net · Key Words: Botnet, Netflow, Nfdump, Nfsen, P2P Botnet, Zbot 1. INTRODUCTION We live in a world where computer technology

Network Based Peer-To-Peer Botnet Detection - irjet.net · Key Words: Botnet, Netflow, Nfdump, Nfsen, P2P Botnet, Zbot 1. INTRODUCTION We live in a world where computer technology

RatBot: Anti-Enumeration Peer-to-Peer Botnetssqchen/publications/ISC-2011.pdf · RatBot: Anti-Enumeration Peer-to-Peer Botnets ... countermeasures against RatBot and draw concluding

RatBot: Anti-Enumeration Peer-to-Peer Botnetssqchen/publications/ISC-2011.pdf · RatBot: Anti-Enumeration Peer-to-Peer Botnets ... countermeasures against RatBot and draw concluding

Mariposa Botnet

Mariposa Botnet

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09_botnet.pdf · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett ... (such as bank account

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09_botnet.pdf · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett ... (such as bank account

Your Botnet is My Botnet : Analysis of a Botnet Takeover

Your Botnet is My Botnet : Analysis of a Botnet Takeover

Study of Peer-to-Peer Network Based Cybercrime ... · Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies by Mark Scanlon, B.A. (Hons.),

Study of Peer-to-Peer Network Based Cybercrime ... · Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies by Mark Scanlon, B.A. (Hons.),

Your Botnet is My Botnet: Analysis of a Botnet TakeoverWhile botnets have been “hijacked” and studied previously, the Torpig botnet exhibits certain properties that make the analysis

Your Botnet is My Botnet: Analysis of a Botnet TakeoverWhile botnets have been “hijacked” and studied previously, the Torpig botnet exhibits certain properties that make the analysis

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09... · 2020-06-06 · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09... · 2020-06-06 · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco

An Evaluation model of botnet based on peer to peer

An Evaluation model of botnet based on peer to peer