DocumentCode :
1676262
Title :
CRESTBOT: A New Family of Resilient Botnets
Author :
Ha, Duc T. ; Ngo, Hung Q. ; Chandrasekaran, Madhusudhanan
Author_Institution :
Dept. of Comput. Sci. & Eng., State Univ. of New York at Buffalo, Amherst, NY
fYear :
2008
Firstpage :
1
Lastpage :
6
Abstract :
We show that it is possible to design botnet structures called CRESTBOT based on extractor graphs which are highly resilient to command-and-control (C&C) take-downs, yet do not require significant changes to existing botnet designs and codes, and do not suffer from the implementation complexity of P2P-based and hybrid structures. The UDP family of CRESTBOT is shown to be able to send commands from the botmaster much faster than traditional botnets. Our analyses are validated by extensive experiments on Emulab. Our results prove that current C&C-takedown solutions are ineffective against well-designed botnets such as our CRESTBOT. Secondly, short UDP commands can be as reliable as TCP commands with much less time consumption. Third, extremely fast command issuing is possible, which at first glance might seem beneficial to the attacker; however, it might also be of use for the "good guys" when certain race conditions are desired such as software patching or quick bot takedowns.
Keywords :
command and control systems; graph theory; military communication; peer-to-peer computing; CRESTBOT; P2P-based structures; TCP commands; botnet structures; command-and-control-takedown solutions; extractor graphs; Broadcasting; Computer crime; Computer science; Design engineering; Internet; National security; Peer to peer computing; Protocols; Redundancy; Relays;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE
Conference_Location :
New Orleans, LO
ISSN :
1930-529X
Print_ISBN :
978-1-4244-2324-8
Type :
conf
DOI :
10.1109/GLOCOM.2008.ECP.414
Filename :
4698189