Detection of Botnets Using Honeypots and P2P Botnets
Rajab Challoo & Raghavendra Kotapalli
Detection of Botnets Using Honeypots and P2P Botnets
Rajab Challoo
Dept. of Electrical Engineering & Computer Science Texas A&M University Kingsville Kingsville, 78363-8202, USA
kfrc000@tamuk.edu
Raghavendra Kotapalli
Dept. of Electrical Engineering & Computer Science Texas A&M University Kingsville Kingsville, 78363-8202, USA
raghavsan@gmail.com
Abstract A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain, and it is controlled by an attacker (bot-herder). One of the counter measures proposed in recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot, would take adequate steps to maintain the botnet and hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by constructing a peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation results show that our method is very effective and can detect the botnets that are intended to malign the network. Keywords: Peer-to-peer network, Botnet, Honeypot, Hijacking.
1. INTRODUCTION
The Increase in the Internet malware in the recent attacks have attracted considerable amount of attraction towards botnets. Some of them include Email spamming, Key logging, click fraud and traffic sniffing [1]. Recently detected dangerous botnets include Mariposa (2008), officla (2009) and TDSS (2010). The scatter attacks done by the bot controllers using a program called bot which communicates with other botnets and receive the commands from Command and Control servers [3]. As the traditional botnets, which are designed to operate from a central source (bot-attackers machine) which can be shutdown if the source is pin-pointed by the security agencies, bot masters use or resort to peer to peer (P2P) botnets which do not have a
Detection of Botnets Using Honeypots and P2P Botnets
Rajab Challoo
Dept. of Electrical Engineering & Computer Science Texas A&M University Kingsville Kingsville, 78363-8202, USA
kfrc000@tamuk.edu
Raghavendra Kotapalli
Dept. of Electrical Engineering & Computer Science Texas A&M University Kingsville Kingsville, 78363-8202, USA
raghavsan@gmail.com
Abstract A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain, and it is controlled by an attacker (bot-herder). One of the counter measures proposed in recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot, would take adequate steps to maintain the botnet and hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by constructing a peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation results show that our method is very effective and can detect the botnets that are intended to malign the network. Keywords: Peer-to-peer network, Botnet, Honeypot, Hijacking.
1. INTRODUCTION
The Increase in the Internet malware in the recent attacks have attracted considerable amount of attraction towards botnets. Some of them include Email spamming, Key logging, click fraud and traffic sniffing [1]. Recently detected dangerous botnets include Mariposa (2008), officla (2009) and TDSS (2010). The scatter attacks done by the bot controllers using a program called bot which communicates with other botnets and receive the commands from Command and Control servers [3]. As the traditional botnets, which are designed to operate from a central source (bot-attackers machine) which can be shutdown if the source is pin-pointed by the security agencies, bot masters use or resort to peer to peer (P2P) botnets which do not have a