Scholars@Duke

Revisiting botnet models and their implications for takedown strategies

Publication ,  Conference
Yen, TF; Reiter, MK
Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
April 9, 2012
Published version (DOI)

Several works have utilized network models to study peer-to-peer botnets, particularly in evaluating the effectiveness of strategies aimed at taking down a botnet. We observe that previous works fail to consider an important structural characteristic of networks - assortativity. This property quantifies the tendency for "similar" nodes to connect to each other, where the notion of "similarity" is examined in terms of node degree. Empirical measurements on networks simulated according to the Waledac botnet protocol, and on network traces of bots from a honeynet running in the wild, suggest that real-world botnets can be significantly assortative, even more so than social networks. By adjusting the level of assortativity in simulated networks, we show that high assortativity allows networks to be more resilient to takedown strategies than predicted by previous works, and can allow a network to "heal" itself effectively after a fraction of its nodes are removed. We also identify alternative takedown strategies that are more effective, and more difficult for the network to recover from, than those explored in previous works. © 2012 Springer-Verlag.

Duke Scholars

Michael Reiter
Author Michael Reiter Computer Science

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

DOI

10.1007/978-3-642-28641-4_14

EISSN

1611-3349

ISSN

0302-9743

Publication Date

April 9, 2012

Volume

7215 LNCS

Start / End Page

249 / 268

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Yen, T. F., & Reiter, M. K. (2012). Revisiting botnet models and their implications for takedown strategies. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7215 LNCS, pp. 249–268). https://doi.org/10.1007/978-3-642-28641-4_14
Yen, T. F., and M. K. Reiter. “Revisiting botnet models and their implications for takedown strategies.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7215 LNCS:249–68, 2012. https://doi.org/10.1007/978-3-642-28641-4_14.
Yen TF, Reiter MK. Revisiting botnet models and their implications for takedown strategies. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2012. p. 249–68.
Yen, T. F., and M. K. Reiter. “Revisiting botnet models and their implications for takedown strategies.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7215 LNCS, 2012, pp. 249–68. Scopus, doi:10.1007/978-3-642-28641-4_14.
Yen TF, Reiter MK. Revisiting botnet models and their implications for takedown strategies. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2012. p. 249–268.

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

DOI

10.1007/978-3-642-28641-4_14

EISSN

1611-3349

ISSN

0302-9743

Publication Date

April 9, 2012

Volume

7215 LNCS

Start / End Page

249 / 268

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences