Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm

TLDR

Botnets are networks of compromised machines controlled by attackers through a central server, but the first peer‑to‑peer (P2P) botnets appeared recently. The paper proposes a methodology to analyze and mitigate P2P botnets, illustrated through a detailed case study of the Storm Worm botnet. The authors analyze the Storm Worm botnet by infiltrating it, estimating infected hosts, and then test two disruption techniques that sever the controller‑to‑bot communication, assessing their effectiveness. Infiltration revealed the size of the botnet, and the two disruption methods proved effective at breaking the controller‑bot communication.

Abstract

Botnets, i.e., networks of compromised machines under a common control infrastructure, are commonly controlled by an attacker with the help of a central server: all compromised machines connect to the central server and wait for commands. However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeared in the wild recently. In this paper, we introduce a methodology to analyze and mitigate P2P botnets. In a case study, we examine in detail the Storm Worm botnet, the most wide-spread P2P botnet currently propagating in the wild. We were able to infiltrate and analyze in-depth the botnet, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet and evaluate the effectiveness of these mechanisms.

References

Page 1

	Year	Citations

Page 1