Statistical Assessment of Sybil-Placement Strategies within DHT-Structured Peer-to-Peer Botnets

Botnets are a well-recognized global cyber-security threat, as they enable attack communities to command large collections of compromised computers (bots) on demand. Peer-to-peer (P2P) distributed hash tables (DHTs) have become particularly attractive botnet command and control (C&C) solutions due to the high level of resiliency gained via the diffused random graph overlays they produce. The injection of Sybils, computers pretending to be valid bots, remains a key defensive strategy against DHT-structured P2P botnets. This research uses packet-level network simulations to explore the relative merits of random, informed, and partially informed Sybil placement strategies. It is shown that random placements perform nearly as effectively as the more informed strategies tested, which require higher levels of inter-defender coordination. Moreover, it is shown that aspects of DHT-structured P2P botnets behave as statistically nonergodic processes when viewed from the perspective of stochastic processes. This suggests that although optimal Sybil placement strategies appear to exist, they would need careful tuning to each specific P2P botnet instance.
