Analysis of Peer-to-Peer Botnet Attacks and Defenses

A “botnet” is a network of computers that are compromised and controlled by an attacker (botmaster). Botnets are one of the most serious threats to today’s Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Due to the distributive nature of P2P networks, P2P botnets are more resilient to defense countermeasures. In this chapter, first we systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction, C&C communication mechanisms/protocols, and mitigation approaches. Then we provide mathematical analysis of two P2P botnet elimination approaches – index poisoning defense and Sybil defense, and one P2P botnet monitoring technique – passive monitoring based on infiltrated honeypots or captured bots. Simulation experiments show that our mathematical analysis is accurate. Ping Wang Symantec Corporation, Lake Mary, Florida 32746, USA e-mail: [email protected] Lei Wu Department of Computer Science, North Carolina State University, Raleigh, NC 27695, USA email: [email protected] Baber Aslam National University of Sciences & Technology, Islamabad, Pakistan e-mail: baber-mcs@nust. edu.pk Cliff C. Zou Department of Electrical Engineering & Computer Science, University of Central Florida, Orlando, Fl 32816, USA e-mail: [email protected]