Peer-to-peer botnets: overview and case study Export

@inproceedings{grizzard-etal-hotbots07, abstract = {Botnets have recently been identified as one of the most important threats to the security of the Internet. Traditionally, botnets organize themselves in an hierarchical manner with a central command and control location. This location can be statically defined in the bot, or it can be dynamically defined based on a directory server. Presently, the centralized characteristic of botnets is useful to security professionals because it offers a central point of failure for the botnet. In the near future, we believe attackers will move to more resilient architectures. In particular, one class of botnet structure that has entered initial stages of development is peer-to-peer based architectures. In this paper, we present an overview of peer-to-peer botnets. We also present a case study of a Kademlia-based Trojan.Peacomm bot.}, address = {Berkeley, CA, USA}, author = {Grizzard, Julian B. and Sharma, Vikram and Nunnery, Chris and Kang, Brent B. and Dagon, David}, booktitle = {HotBots'07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets}, citeulike-article-id = {3253369}, citeulike-linkout-0 = {http://portal.acm.org/citation.cfm?id=1323129}, keywords = {botnets, case-study}, location = {Cambridge, MA}, pages = {1}, posted-at = {2008-09-14 09:10:40}, priority = {2}, publisher = {USENIX Association}, title = {Peer-to-peer botnets: overview and case study}, url = {http://portal.acm.org/citation.cfm?id=1323129}, year = {2007} }

TY - CONF ID - grizzard-etal-hotbots07 L3 - citeulike-article-id:3253369 N2 - Botnets have recently been identified as one of the most important threats to the security of the Internet. Traditionally, botnets organize themselves in an hierarchical manner with a central command and control location. This location can be statically defined in the bot, or it can be dynamically defined based on a directory server. Presently, the centralized characteristic of botnets is useful to security professionals because it offers a central point of failure for the botnet. In the near future, we believe attackers will move to more resilient architectures. In particular, one class of botnet structure that has entered initial stages of development is peer-to-peer based architectures. In this paper, we present an overview of peer-to-peer botnets. We also present a case study of a Kademlia-based Trojan.Peacomm bot. CY - Cambridge, MA AD - Berkeley, CA, USA EP - 1 TI - Peer-to-peer botnets: overview and case study PB - USENIX Association T2 - HotBots'07: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets SP - 1 KW - botnets KW - case-study AU - Grizzard, Julian AU - Sharma, Vikram AU - Nunnery, Chris AU - Kang, Brent AU - Dagon, David PY - 2007/// UR - http://portal.acm.org/citation.cfm?id=1323129 ER -