A Taxonomy of Botnet Structures
2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, DDoS). Using these performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In particular, our models show that targeted responses are particularly effective against scale-free botnets, and that efforts to increase the robustness of scale-free networks come at a cost of diminished transitivity. Botmasters do not appear to have any structural solutions to this problem in scale-free networks. We also show that random graph botnets (e.g., those using P2P formations) are highly resistant to both random and targeted responses. We evaluate the impact of responses on different topologies using simulation and demonstrate the utility of our proposed metrics by performing novel measurements of a P2P network. Our analysis shows how botnets may be classified according to structure and given rank or priority using our proposed metrics. This may help direct responses and suggests which general remediation strategies are more likely to succeed.

| Major Botnet Utilities | Key Metrics | Suggested Variables | Comment |
|---|---|---|---|
| Effectiveness | Giant portion | $S$ | Large numbers of victims increase the likelihood of high-bandwidth bots. Diurnal behavior favors $S$ over total population. |
| | Ave. Avail. Bandwidth | $B$ | Average bandwidth available at any time, because of variations in total victim bandwidth, use by victims, and diurnal changes. |
| Efficiency | Diameter | $l^{-1}$ | Bots sending messages to each other and coordinating activities require efficient communications. |
| Robustness | Local transitivity | $\gamma$ | Bots maintaining state (e.g., keycracking or mirroring files) require redundancy to guard against random loss. Highly transitive networks are more robust. |
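The response comparison described in the abstract can be reproduced in miniature. The following is an added example, not the paper's own simulation code: it measures the giant portion S of a scale-free graph and a random graph after a random response and after a targeted (highest-degree-first) response. The graph size, mean degree, 30% removal fraction, seed and all function names are assumptions chosen for illustration.

```python
import random

def scale_free(n, m, rng):  # Barabasi-Albert preferential attachment
    adj = {v: set() for v in range(n)}
    pool, targets = [], set(range(m))
    for v in range(m, n):
        for t in targets:
            adj[v].add(t)
            adj[t].add(v)
        pool += [*targets] + [v] * m   # each node appears once per edge end
        targets = set()
        while len(targets) < m:        # degree-proportional pick of m distinct peers
            targets.add(rng.choice(pool))
    return adj

def random_graph(n, edges, rng):  # uniform random graph with a fixed edge count
    adj = {v: set() for v in range(n)}
    while edges:
        a, b = rng.sample(range(n), 2)
        if b not in adj[a]:
            adj[a].add(b)
            adj[b].add(a)
            edges -= 1
    return adj

def giant_portion(adj, removed):  # S: largest surviving component / all nodes
    seen, best = set(removed), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:
            size += 1
            for w in adj[stack.pop()] - seen:
                seen.add(w)
                stack.append(w)
        best = max(best, size)
    return best / len(adj)

def compare(n=2000, m=2, frac=0.3, seed=1):  # constructed topologies, assumed parameters
    rng, k, out = random.Random(seed), int(frac * n), {}
    sf = scale_free(n, m, rng)
    er = random_graph(n, sum(map(len, sf.values())) // 2, rng)  # same mean degree
    for name, g in (("scale_free", sf), ("random", er)):
        hubs = sorted(g, key=lambda v: -len(g[v]))[:k]  # targeted: highest degree first
        out[name] = {"random": giant_portion(g, rng.sample(range(n), k)),
                     "targeted": giant_portion(g, hubs)}
    return out
```

`compare()` returns S for each topology and response type; with these assumed parameters the scale-free giant portion collapses under the targeted response, while the random graph keeps a sizeable connected core under both.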