Title :
A Taxonomy of Botnet Structures
Author :
Dagon, David ; Gu, Guofei ; Lee, Christopher P. ; Lee, Wenke
Author_Institution :
Georgia Inst. of Technol., Atlanta
Abstract :
We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using these performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In particular, our models show that targeted responses are particularly effective against scale free botnets and efforts to increase the robustness of scale free networks comes at a cost of diminished transitivity. Botmasters do not appear to have any structural solutions to this problem in scale free networks. We also show that random graph botnets (e.g., those using P2P formations) are highly resistant to both random and targeted responses. We evaluate the impact of responses on different topologies using simulation and demonstrate the utility of our proposed metrics by performing novel measurements of a P2P network. Our analysis shows how botnets may be classified according to structure and given rank or priority using our proposed metrics. This may help direct responses and suggests which general remediation strategies are more likely to succeed.
Keywords :
computer viruses; graph theory; peer-to-peer computing; P2P network; botmaster; botnet structures; general remediation strategy; performance metrics; random graph botnets; response techniques; scale free botnets; taxonomy; Application software; Bandwidth; Computer security; Costs; Degradation; Measurement; Network topology; Performance evaluation; Robustness; Taxonomy;
Conference_Titel :
Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual
Conference_Location :
Miami Beach, FL
Print_ISBN :
978-0-7695-3060-4
DOI :
10.1109/ACSAC.2007.44
