Botnets can either adopt a centralized or a distributed architecture for their command-and-control (C&C) communications. Botnets are being touted as the largest threat to modern networks. on a massive scale, and generate millions of dollars per year in revenue for the bot-master. Botnets are employed for spamming, Bitcoin mining, click-fraud scams, distributed denial of service (DDoS) attacks, etc. The ability to remotely command such bots coupled with the sheer size of botnets (numbering to tens of thousands of bots) gives the bot-masters immense power to perform nefarious activities. A network of such compromised end-hosts under the remote command of a master (i.e., the bot-master) is called a ‘Botnet’. A ‘bot’ is a computer program which enables the operator to remotely control the infected system where it is installed. This resilience offered by P2P networks has also attracted the attention of adversaries in the form of bot-masters (a.k.a. As P2P networks are inherently modeled without any centralized server, they lack a single point of failure. Such issues, coupled with the advent of other popular content-sharing platforms (like YouTube and Netflix), have led to a decline in the share of P2P applications over the Internet to a mere 10%. However, the P2P paradigm has been plagued with issues of privacy, security, and piracy, to name a few. Apart from these, the P2P paradigm has also been widely deployed for IPTV (LiveStation) and voice over IP-based services (Skype). The immense success of P2P applications is primarily attributed to the ease of resource sharing provided by them, be it in the form of music, videos, files (BitTorrent), or sharing of computing resources (SETI@home project). P2P networks are constructed on top of the IP layer, typically with a decentralized protocol allowing ‘peers’ to share resources. They also operate without requiring the intermediation or support of a global centralized server or authority.
P2P networks have the ability to accommodate a transient population of nodes while maintaining acceptable connectivity and performance. They are built with specific purposes of sharing resources such as content, CPU cycles, storage, and bandwidth. Peer-to-peer overlay networks are distributed systems consisting of interconnected nodes which self-organize into network topologies. As an increasing number of users got access to powerful processors, large storage spaces, and increasing bandwidths, P2P networks presented a great opportunity to share and mobilize resources. In the beginning of the twenty-first century, the P2P architecture attracted a lot of attention from developers and end-users alike, with the share of P2P over the Internet in different continents being reported to be in the range of 45% to 70%. The past decade has seen the immense rise of the peer-to-peer (P2P) computing paradigm. PeerShark could also detect unknown P2P botnet traffic with high accuracy. By extracting statistical features from the network traces of P2P applications and botnets, we build supervised machine learning models which can accurately differentiate between benign P2P applications and P2P botnets. Our approach, PeerShark, combines the benefits of flow-based and conversation-based approaches with a two-tier architecture, and addresses the limitations of these approaches. That is, we aim to detect P2P botnets when they lie dormant (to evade detection by intrusion detection systems) or while they perform malicious activities (spamming, password stealing, etc.) in a manner which is not observable to a network administrator. It aims to detect the stealthy behavior of P2P botnets. Our approach neither assumes the availability of any ‘seed’ information of bots nor relies on deep packet inspection. In this paper, we present a methodology to detect P2P botnet traffic and differentiate it from benign P2P traffic in a network.
Moreover, smarter bots are stealthy in their communication patterns and elude the standard discovery techniques which look for anomalous network or communication behavior. P2P botnets are not prone to any single point of failure and have been proven to be highly resilient against takedown attempts. The distributed and decentralized nature of peer-to-peer (P2P) networks has offered a lucrative alternative to bot-masters to build botnets.