Next Generation P2P Botnets: Monitoring Under Adverse Conditions

Böck, Leon; Vasilomanolakis, Emmanouil; Mühlhäuser, Max; Karuppayah, Shankar

doi:10.1007/978-3-030-00470-5_24

Cited by 12 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Karuppayah et al 59 studied the detection of crawlers in botnets and conducted experimental evaluations in real‐world botnets. Böck et al 60 pointed out the possible challenges in botnet detection and shared some new ideas. Vormayr et al 61 summarized the communication topologies of various botnets that have ever appeared.…”

Section: Related Workmentioning

confidence: 99%

A comprehensive study of Mozi botnet

Qin

Zhang

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

With the trend of digital transformation of enterprises, the use of Internet of Things (IoT) devices is increasing. IoT devices that are not protected by security measures have gradually become targets of attackers. Attackers use weak passwords and software vulnerabilities in the device to invade the device and control it to become a node of the botnet. The Mozi botnet was discovered in December 2019, and its attention has increased day by day, and its influence once exceeded Mirai. After a preliminary reverse analysis of the Mozi samples, we have continued to track the development and changes of the Mozi botnet since February 2021. First, through the in-depth analysis of the communication principles of the Mozi botnet and the distributed sloppy hash table protocol, we have proposed an in-depth analysis of the Mozi botnet. The active detection method of Mozi, through daily and continuous tracking of the number of Mozi nodes, is infinitely close to the boundary of the Mozi network. On the basis of the collected detection data, we give our conclusions on Mozi's node size, global geographic distribution, 24-hour global activity, equipment composition, and Mozi botnet countermeasures.Through this study, we found that the security of IoT devices around the world is not optimistic, and there is an urgent need to increase the security protection

show abstract

Section: Related Workmentioning

confidence: 99%

A comprehensive study of Mozi botnet

Qin

Zhang

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

show abstract

“…If unstructured P2P botnets have power‐law degree distribution, then researchers use the scale‐free model for their analysis. As in most of the unstructured botnets, the connections of each bot are usually limited to a certain number, and even the number of peers in a peer‐list is fixed [12], so they are random networks.…”

Section: P2p Botnetmentioning

confidence: 99%

Reconstruction of C&C channel for P2P botnet

Dehkordi

Sadeghiyan

2020

IET Communications

View full text Add to dashboard Cite

“…The reasoning behind this argument is well studied [ZLK10], and can be summarized in the following: detectors, e.g., anomaly detection algorithms, can be improved by enhancing the input data, alert correlation is more effective when the data volume increases, a number of attacks, e.g., malware spreading, can be contained even before seen locally when they are anticipated as a result of collaboration. For instance, Böck et al [BVMK18] recently showed that correlation of data from different sensors is necessary to enumerate advanced P2P botnets. Collaborative Intrusion Detection Systems (CIDSs) further formulate the aforesaid idea by implementing it in the form of a system [VKMF15].…”

Section: Collaborative Security and Cidssmentioning

confidence: 99%

TRIDEnT: Building Decentralized Incentives for Collaborative Security

Alexopoulos,

Vasilomanolakis,

Roux

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

Sophisticated mass attacks, especially when exploiting zero-day vulnerabilities, have the potential to cause destructive damage to organizations and critical infrastructure. To timely detect and contain such attacks, collaboration among the defenders is critical. By correlating real-time detection information (alerts) from multiple sources (collaborative intrusion detection), defenders can detect attacks and take the appropriate defensive measures in time. However, although the technical tools to facilitate collaboration exist, real-world adoption of such collaborative security mechanisms is still underwhelming. This is largely due to a lack of trust and participation incentives for companies and organizations. This paper proposes TRIDEnT, a novel collaborative platform that aims to enable and incentivize parties to exchange network alert data, thus increasing their overall detection capabilities. TRIDEnT allows parties that may be in a competitive relationship, to selectively advertise, sell and acquire security alerts in the form of (near) real-time peer-to-peer streams. To validate the basic principles behind TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is of independent interest, and show that collaboration is bound to take place infinitely often. Furthermore, to demonstrate the feasibility of our approach, we instantiate our design in a decentralized manner using Ethereum smart contracts and provide a fully functional prototype."No one can build his security upon the nobleness of another person" -Willa Cather, Alexander's Bridge

show abstract

Next Generation P2P Botnets: Monitoring Under Adverse Conditions

Cited by 12 publications

References 18 publications

A comprehensive study of Mozi botnet

A comprehensive study of Mozi botnet

Reconstruction of C&C channel for P2P botnet

TRIDEnT: Building Decentralized Incentives for Collaborative Security

Contact Info

Product

Resources

About