Reconstruction of C&C Channel for Structured P2P Botnet
share
Botnets are problematic malware and a big challenge for researchers who have always been unsuccessful in preventing their attacks. Not only have P2P botnets increased the robustness of C&C channels, they have also made the detection of botmaster harder. In this paper the topologies of C&C channel of P2P botnets are reconstructed for an easier containment of P2P botnets and for helping the investigator with his guessing in the detection of command issuing sources. In the method presented in this paper, the connections between nodes are estimated by collecting receiving times of several cascades and by having random network parameters of C&C channel. In the simulation of structured P2P botnet, by collecting the receiving times of 22 cascades in a 1000-member network with mean node degree 50, our method accurately estimates more than 90 of the edges. If the receiving times of just half of the nodes are collected, by having 95 cascades, this recall is obtained.
READ FULL TEXT
