DMCA
BotGrep: Finding P2P Bots with Structured Graph Analysis
Cached
Download Links
| Citations: | 42 - 3 self |
BibTeX
@MISC{Nagaraja_botgrep:finding,
author = {Shishir Nagaraja and Prateek Mittal and Chi-yao Hong and Matthew Caesar and Nikita Borisov},
title = {BotGrep: Finding P2P Bots with Structured Graph Analysis},
year = {}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
A key feature that distinguishes modern botnets from earlier counterparts is their increasing use of structured overlay topologies. This lets them carry out sophisticated coordinated activities while being resilient to churn, but it can also be used as a point of detection. In this work, we devise techniques to localize botnet members based on the unique communication patterns arising from their overlay topologies used for command and control. Experimental results on synthetic topologies embedded within Internet traffic traces from an ISP’s backbone network indicate that our techniques (i) can localize the majority of bots with low false positive rate, and (ii) are resilient to incomplete visibility arising from partial deployment of monitoring systems and measurement inaccuracies from dynamics of background traffic. 1
Keyphrases
structured graph analysis finding p2p bot unique communication pattern overlay topology modern botnets botnet member sophisticated coordinated activity increasing use measurement inaccuracy synthetic topology partial deployment background traffic low false positive rate internet traffic trace experimental result key feature isp backbone network structured overlay topology
