Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20\%.
%0 Conference Paper
%1 bock2015detecting
%A Böck, Leon
%A Karuppayah, Shankar
%A Grube, Tim
%A Mühlhäuser, Max
%A Fischer, Mathias
%B IEEE Conference on Communications and Network Security
%D 2015
%K botnet detection myown p2p sensor
%P 731--732
%T Hide And Seek: Detecting Sensors In P2P Botnets
%X Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20\%.
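@comment{BibSonomy export (see biburl). The added-at, biburl, interhash, intrahash and timestamp fields are site metadata; standard styles ignore unknown fields, so they are kept but harmless.}
@inproceedings{bock2015detecting,
  author    = {B{\"o}ck, Leon and Karuppayah, Shankar and Grube, Tim and M{\"u}hlh{\"a}user, Max and Fischer, Mathias},
  title     = {Hide And Seek: Detecting Sensors In {P2P} Botnets},
  booktitle = {{IEEE} Conference on Communications and Network Security},
  year      = 2015,
  pages     = {731--732},
  abstract  = {Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20{\%}.},
  keywords  = {botnet detection myown p2p sensor},
  added-at  = {2016-11-25T13:45:41.000+0100},
  timestamp = {2017-01-05T12:20:46.000+0100},
  biburl    = {https://www.bibsonomy.org/bibtex/2cfd02c173720be76cb3e5e6dd6d7b825/kshankar},
  interhash = {fa3ffc679ef430ed3f2cfce14a3cab0f},
  intrahash = {cfd02c173720be76cb3e5e6dd6d7b825},
}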