P2P Botnet Prevention With The Help of Sybil Attack

  • Sagar M Mane University of Pune
  • Avadhoot S Joshi
  • Vishal V Bhanawase
Keywords: Botnet, P2P Botnet, Index, poisoning, Sybil attack, Kademlia Protocol

Abstract

—“Botnet” is a network of computers that are compromised and controlled by an attacker. Botnets are one of the most serious threats to today’s Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Without central C&C servers, P2P botnets are more resilient to defences and countermeasures than traditional centralized botnets. In this paper, we systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction, C&C mechanisms and communication protocols, and mitigation approaches. We carefully study two defence approaches: index poisoning and Sybil attack. According to the common idea shared by them, we are able to give analytical results to evaluate their performance. We also propose possible counter techniques which might be developed by attackers against index poisoning and Sybil attack defences. In addition, we obtain one interesting finding: compared to traditional centralized botnets, by using index poisoning technique, it is easier to shut down or at least effectively mitigate P2P botnets that adopt existing P2P protocols and rely on file index to disseminate commands.

References

[1] Abhijeet B. Potey, Prof.Anjali B.Raut “Defending Sybil Using Social Network”, International Journal of Engineering and Computer Science (IJECS) Volume 2 Issue, Page No. 196-199, 2 Feb 2013. [2] “Botnets - the evolving nature of adversaries, tactics, techniques and procedures” Georgia Tech Cyber Security Summit, 2011, Pages 6-7. [3] Joseph Massi, Sudhir Panda, Girish Rajappa, Senthil Selvaraj and Swapana Revankar “Botnet Detection and Mitigation” Proceedings of Student-Faculty Research Day, Pace University, 2010. [4] Andrew White, Alan Tickle, and Andrew Clark “Overcoming Reputation and Proof-of-Work Systems in Botnets” Fourth international Conference on Network and System Security, 2010. [5] Zhou Hangxia “Mitigating Peer-to-Peer Botnets by Sybil attacks”, International Conference on Innovative Computing and Communication and Asia-Pacific Conference on Information Technology and Ocean engineering © IEEE, 2010. [6] Oliver Jetter, Jochen Dinger, and Hannes Hartenstein “Quantitative Analysis of the Sybil Attack and Effective Sybil Resistance in Peerto-Peer Systems”, IEEE ICC proceedings, 2010. [7] Junfeng Duan, Jian Jiao, Chunhe Xia, Shan Yao, and Xiaojian Li “Descriptive Model of Peer-to-Peer Botnet Structures”, International Conference on Educational and Information Technology (lCEIT), 2010. [8] Ping Wang, Sherri Sparks, and Cliff C. Zou “An Advanced Hybrid Peer-to-Peer Botnet”, IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 7, NO. 2, Pages 113-127, APRIL-JUNE 2010. [9] Ping Wang, Lei Wu, Baber Aslam and Cliff C. Zou “A Systematic Study on Peer-to-Peer Botnets” IEEE, 2009. [10] Carlton R. Davis, Jos´e M. Fernandez, and Stephen Neville “Optimising Sybil Attacks against P2P-based Botnets”, 2009. [11] Ping Wang, Lei Wu, Baber Aslam and Cliff C. Zou “A Systematic Study on Peer-to-Peer Botnets” IEEE, 2009. [12] Duc T. Ha, Guanhua Yan, Stephan Eidenbenz, and Hung Q. Ngo “On the Effectiveness of Structural Detection and Defence Against P2Pbased Botnets”, 2009. [13] Thibault Cholez, Isabelle Chrisment and Olivier Festor “Evaluation of Sybil Attacks Protection Schemes in KAD”, published in 3rd International Conference on Autonomous Infrastructure, Management and Security – AIMS, 2009. [14] Robert F. Erbacher, Adele Cutler, Pranab Banerjee, and Jim Marshall “A Multi-Layered Approach to Botnet Detection”, 2008. [15] Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, and Felix Freiling “Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm”, 2008. [16] Reinier Schoof and Ralph Koning “Detecting peer-to-peer botnets”, 2007. [17] Antti Nummipuro “Detecting P2P-Controlled Bots on the Host” Seminar on Network security, 2007. [18] Daniel Stutzbach and Reza Rejaie “Improving Lookup Performance over a Widely-Deployed DHT”, infocom, 2006. [19] “Kademlia: A Design Specification”, the XLattice Project, 20032006.
[20] John R. Douceur “The Sybil Attack”, in the proceeding of first international workshop on peer-to-peer systems (IPTPS), Pages 251256, 2002. [21] Petar Maymounkov and David Mazi`eres “Kademlia: A Peer-to-peer Information System Based on the XOR Metric”. [22] Benedikt Westermann, Andriy Panchenko, and Lexi Pimenidis “A Kademlia-based Node Lookup System for Anonymization Networks”. [23] Isabel Pita and Adrian Riesco “Specifying and Analysing the Kademlia Protocol in Maude*”. [24] Manoj Rameshchandra Thakur “Distributed and Cooperative Approach to Botnet Detection Using Gossip Protocol”. [25] Moritz Steiner, Taoufik En-Najjary, and Ernst W. Biersack “Exploiting KAD: Possible Uses and Misuses”. [26] M. Patrick Collins, Timothy J. Shimeall, Sidney Faber, Jeff Janies, Rhiannon Weaver, and Markus De Shon “Using uncleanliness to predict future botnet addresses”. [27] Kademlia - Wikipedia, the free encyclopedia. [28] Distributed hash table - Wikipedia, the free encyclopedia.
Published
2017-12-17
How to Cite
Mane, S., Joshi, A., & Bhanawase, V. (2017). P2P Botnet Prevention With The Help of Sybil Attack. Asian Journal For Convergence In Technology (AJCT) ISSN -2350-1146, 2(2). Retrieved from http://www.asianssr.org/index.php/ajct/article/view/109
Issue
Vol 2 (2016): Issue III
Section
Article

To ensure uniformity of treatment among all contributors, other forms may not be substituted for this form, nor may any wording of the form be changed. This form is intended for original material submitted to AJCT and must accompany any such material in order to be published by AJCT. Please read the form carefully.
The undersigned hereby assigns to the Asian Journal of Convergence in Technology Issues ("AJCT") all rights under copyright that may exist in and to the above Work, any revised or expanded derivative works submitted to AJCT by the undersigned based on the Work, and any associated written, audio and/or visual presentations or other enhancements accompanying the Work. The undersigned hereby warrants that the Work is original and that he/she is the author of the Work; to the extent the Work incorporates text passages, figures, data or other material from the works of others, the undersigned has obtained any necessary permission. See Retained Rights, below.

AUTHOR RESPONSIBILITIES
AJCT distributes its technical publications throughout the world and wants to ensure that the material submitted to its publications is properly available to the readership of those publications. Authors must ensure that The Work is their own and is original. It is the responsibility of the authors, not AJCT, to determine whether disclosure of their material requires the prior consent of other parties and, if so, to obtain it.

RETAINED RIGHTS/TERMS AND CONDITIONS
1. Authors/employers retain all proprietary rights in any process, procedure, or article of manufacture described in the Work.
2. Authors/employers may reproduce or authorize others to reproduce The Work and for the author's personal use or for company or organizational use, provided that the source and any AJCT copyright notice are indicated, the copies are not used in any way that implies AJCT endorsement of a product or service of any employer, and the copies themselves are not offered for sale.
3. Authors/employers may make limited distribution of all or portions of the Work prior to publication if they inform AJCT in advance of the nature and extent of such limited distribution.
4. For all uses not covered by items 2 and 3, authors/employers must request permission from AJCT.
5. Although authors are permitted to re-use all or portions of the Work in other works, this does not include granting third-party requests for reprinting, republishing, or other types of re-use.

INFORMATION FOR AUTHORS
AJCT Copyright Ownership
It is the formal policy of AJCT to own the copyrights to all copyrightable material in its technical publications and to the individual contributions contained therein, in order to protect the interests of AJCT, its authors and their employers, and, at the same time, to facilitate the appropriate re-use of this material by others.
Author/Employer Rights
If you are employed and prepared the Work on a subject within the scope of your employment, the copyright in the Work belongs to your employer as a work-for-hire. In that case, AJCT assumes that when you sign this Form, you are authorized to do so by your employer and that your employer has consented to the transfer of copyright, to the representation and warranty of publication rights, and to all other terms and conditions of this Form. If such authorization and consent has not been given to you, an authorized representative of your employer should sign this Form as the Author.
Reprint/Republication Policy
AJCT requires that the consent of the first-named author and employer be sought as a condition to granting reprint or republication rights to others or for permitting use of a Work for promotion or marketing purposes.

GENERAL TERMS

1. The undersigned represents that he/she has the power and authority to make and execute this assignment.
2. The undersigned agrees to indemnify and hold harmless AJCT from any damage or expense that may arise in the event of a breach of any of the warranties set forth above.
3. In the event the above work is accepted and published by AJCT and consequently withdrawn by the author(s), the foregoing copyright transfer shall become null and void and all materials embodying the Work submitted to AJCT will be destroyed.
4. For jointly authored Works, all joint authors should sign, or one of the authors should sign as authorized agent
for the others.

Licenced by :

Creative Commons Attribution 4.0 International License.

 

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.