Tianzuo Wang

Further Analyzing the Sybil Attack in Mitigating Peer-to-Peer Botnets

Sybil attack has been proved effective in mitigating the P2P botnet, but the impacts of some important parameters were not studied, and no model to estimate the effectiveness was proposed. In this paper, taking Kademlia-based botnets as the example, the model which has the upper and lower bound to estimate the mitigating performance of the Sybil attack is proposed. Through simulation, how three important factors affect the performance of the Sybil attack is analyzed, which is proved consistent with the model. The simulation results not only confirm that for P2P botnets in large scale, the Sybil attack is an effective countermeasure, but also imply that the model can give suggestions for the deployment of Sybil nodes to get the ideal performance in mitigating the P2P botnet.

What is the Pattern of a Botnet

As complex, flexible and efficient platforms for network attacks, botnets are considered as one of the most serious threats to current Internet security. The evolution and diversification of botnets call for a clear and fine grained taxonomy, but existing taxonomies are either incomplete or overlapping. In order to classify botnets accurately, we propose a concept called control structure to exactly and uniformly describe how botnets are controlled by botmasters. From the point of control structure, we classify botnets into certain patterns. Our taxonomy not only helps to understand botnets better, but also is useful for defenders when considering how to take down a botnet. Further, through comparison between different patterns, we predict that the P pattern and F-(O, P) pattern would be the most important trends for botnets, and the F layer would less likely appear without a P layer.

Some Critical Problems of Botnets

As a complex,flexible and effective platform for network attacking,the botnet spreads widely in the Internet.Botnets can provide the botmasters with the ability to launch large-scale malicious activities such as spamming and DDoS(Distributed Denial of Service) attacks.Botnets are continuously bringing more and more severe threats,so that the study on botnets has already become one of the focuses in the field of network security.However,in recent years,some new developments of botnets are challenging the existing understanding on botnets.In this paper,according to the new conditions of botnets and the researches in existence,a definition of botnet is proposed based on the works of other researchers,taxonomies of botnets are introduced respectively from the views of network structure,dependency and delivery pattern of CC(Command and Control) information.Then the techniques on detecting,measuring and restraining botnets are analyzed systematically.In the end,we give the evolution trends of botnets and the future research trends in this area.