CRESTBOT: A New Family of Resilient Botnets
IEEE Global Telecommunications Conference (Globecom), 2008
Abstract
We show that it is possible to design botnet structures called CRESTBOT based on extractor graphs which are highly resilient to command-and-control (C&C) take-downs, yet do not require significant changes to existing botnet designs and codes, and do not suffer from the implementation complexity of P2P-based and hybrid structures. The UDP family of CRESTBOT is shown to be able to send commands from the botmaster much faster than traditional botnets. Our analyses are validated by extensive experiments on Emulab. First, our results prove that current C&C-takedown solutions are ineffective against well-designed botnets such as our CRESTBOT. Second, short UDP commands can be as reliable as TCP commands with much less time consumption. Third, extremely fast command issuing is possible, which at first glance might seem beneficial to the attacker; however, it might also be of use for the "good guys" when certain race conditions are desired, such as software patching or quick bot takedowns.
Keywords
CRESTBOT, bot, botnet, resiliency, expander