BotGrep: Finding P2P bots with structured graph analysis

Shishir Nagaraja, Prateek Mittal, Chi Yao Hong, Matthew Caesar, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract

A key feature that distinguishes modern botnets from earlier counterparts is their increasing use of structured overlay topologies. This lets them carry out sophisticated coordinated activities while being resilient to churn, but it can also be used as a point of detection. In this work, we devise techniques to localize botnet members based on the unique communication patterns arising from their overlay topologies used for command and control. Experimental results on synthetic topologies embedded within Internet traffic traces from an ISP’s backbone network indicate that our techniques (i) can localize the majority of bots with low false positive rate, and (ii) are resilient to incomplete visibility arising from partial deployment of monitoring systems and measurement inaccuracies from dynamics of background traffic.

Original language: English (US)
Title of host publication: Proceedings of the 19th USENIX Security Symposium
Publisher: USENIX Association
Pages: 95-110
Number of pages: 16
ISBN (Electronic): 9781931971775
State: Published - 2010
Event: 19th USENIX Security Symposium - Washington, United States
Duration: Aug 11 2010 - Aug 13 2010

Publication series

Name: Proceedings of the 19th USENIX Security Symposium

Conference

Conference: 19th USENIX Security Symposium
Country: United States
City: Washington
Period: 8/11/10 - 8/13/10

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Nagaraja, S., Mittal, P., Hong, C. Y., Caesar, M., & Borisov, N. (2010). BotGrep: Finding P2P bots with structured graph analysis. In Proceedings of the 19th USENIX Security Symposium (pp. 95-110). (Proceedings of the 19th USENIX Security Symposium). USENIX Association.