TY - GEN
T1 - Modeling peer-to-peer botnets
AU - Van Ruitenbeek, Elizabeth
AU - Sanders, William H.
PY - 2008
Y1 - 2008
N2 - Peer-to-peer botnets are a relatively new yet rapidly growing Internet threat. In the year since its introduction in January 2007, the Storm Worm peer-to-peer botnet has become the largest botnet on the Internet. Unlike previous botnets operating over IRC channels, the Storm Worm botnet uses a decentralized peer-to-peer network to communicate among the bots and to control their computing power. While a centralized control structure can be toppled relatively easily by finding and disconnecting the head, a decentralized control structure is much harder to dismantle. Given this reality, security researchers must find new ways to defend against peer-to-peer botnets. Toward that aim, we have developed a stochastic model of peer-to-peer botnet formation to provide insight on possible defense tactics. We use the stochastic model to examine how different factors impact the growth of the botnet. Simulation results from the model evaluate the effectiveness both of prevention measures and of detection and disinfection methods. In this way, the simulation results from our peer-to-peer botnet model provide guidance for the design of future anti-malware systems.
UR - http://www.scopus.com/inward/record.url?scp=56649088308&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=56649088308&partnerID=8YFLogxK
U2 - 10.1109/QEST.2008.43
DO - 10.1109/QEST.2008.43
M3 - Conference contribution
AN - SCOPUS:56649088308
SN - 9780769533605
T3 - Proceedings - 5th International Conference on the Quantitative Evaluation of Systems, QEST 2008
SP - 307
EP - 316
BT - Proceedings - 5th International Conference on the Quantitative Evaluation of Systems, QEST 2008
T2 - 5th International Conference on the Quantitative Evaluation of Systems, QEST 2008
Y2 - 14 September 2008 through 17 September 2008
ER -