A Taxonomy of Botnet Structures

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI:10.1109/ACSAC.2007.44

D. Dagon, G. Gu, Christopher P. Lee, Wenke Lee

{"title":"A Taxonomy of Botnet Structures","authors":"D. Dagon, G. Gu, Christopher P. Lee, Wenke Lee","doi":"10.1109/ACSAC.2007.44","DOIUrl":null,"url":null,"abstract":"We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using these performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In particular, our models show that targeted responses are particularly effective against scale free botnets and efforts to increase the robustness of scale free networks comes at a cost of diminished transitivity. Botmasters do not appear to have any structural solutions to this problem in scale free networks. We also show that random graph botnets (e.g., those using P2P formations) are highly resistant to both random and targeted responses. We evaluate the impact of responses on different topologies using simulation and demonstrate the utility of our proposed metrics by performing novel measurements of a P2P network. Our analysis shows how botnets may be classified according to structure and given rank or priority using our proposed metrics. This may help direct responses and suggests which general remediation strategies are more likely to succeed.","PeriodicalId":199101,"journal":{"name":"Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"314","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACSAC.2007.44","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 314

Abstract

We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using these performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In particular, our models show that targeted responses are particularly effective against scale free botnets and efforts to increase the robustness of scale free networks comes at a cost of diminished transitivity. Botmasters do not appear to have any structural solutions to this problem in scale free networks. We also show that random graph botnets (e.g., those using P2P formations) are highly resistant to both random and targeted responses. We evaluate the impact of responses on different topologies using simulation and demonstrate the utility of our proposed metrics by performing novel measurements of a P2P network. Our analysis shows how botnets may be classified according to structure and given rank or priority using our proposed metrics. This may help direct responses and suggests which general remediation strategies are more likely to succeed.

查看原文本刊更多论文

僵尸网络结构的分类

我们提出了一种基于它们对僵尸管理员的效用的僵尸网络结构的分类。我们提出关键指标来衡量它们对各种活动(例如，垃圾邮件、ddos)的效用。使用这些性能指标，我们考虑了不同响应技术降低或破坏僵尸网络的能力。特别是，我们的模型表明，目标响应对无规模僵尸网络特别有效，而增加无规模网络鲁棒性的努力是以降低传递性为代价的。在无尺度网络中，botmaster似乎没有任何结构性的解决方案。我们还表明，随机图僵尸网络(例如，使用P2P形式的僵尸网络)对随机和目标响应都具有高度的抵抗力。我们使用模拟来评估响应对不同拓扑结构的影响，并通过对P2P网络进行新颖的测量来证明我们提出的指标的实用性。我们的分析显示了如何使用我们提出的指标根据结构和给定的等级或优先级对僵尸网络进行分类。这可能有助于指导反应，并建议哪种一般补救策略更有可能成功。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

自引率

0.00%

发文量