Title :
Sub-Botnet Coordination Using Tokens in a Switched Network
Author :
Shirley, Brandon ; Mano, Chad D.
Author_Institution :
Dept. of Comput. Sci., Utah State Univ., Logan, UT
Abstract :
Botnets have evolved to incorporate peer-to-peer communication for the purpose of better hiding the administrative source of the botnet. Current botnet detection mechanisms identify network traffic patterns at strategic locations within a network such as the gateway. As detection techniques improve, botnet design will continue to evolve to evade detection; thus, it is advantageous to identify potential future botnet models for the purpose of developing defense mechanisms before an actual new attack type is seen in the wild. This paper presents a model for coordinating external communication among bots located within the same switched network. This model prevents a gateway-based monitor from correlating external communication dialogs as the internal source of the communication is not a single bot-host. Future phases of this project include developing efficient techniques for mitigating this potential future botnet model.
Keywords :
invasive software; peer-to-peer computing; token networks; botnet design; botnet detection mechanism; botnet models; external communication dialogs; gateway-based monitor; network traffic patterns; peer-to-peer communication; sub-botnet coordination; switched network; Command and control systems; Communication switching; Communication system security; Internet; Large-scale systems; Monitoring; Peer to peer computing; Telecommunication traffic; Traffic control; Web server;
Conference_Titel :
Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE
Conference_Location :
New Orleans, LO
Print_ISBN :
978-1-4244-2324-8
DOI :
10.1109/GLOCOM.2008.ECP.418
