Further Analyzing the Sybil Attack in Mitigating Peer-to-Peer Botnets

  • Wang, Tian-Zuo (School of Computer Science, National University of Defense Technology)
  • Wang, Huai-Min (School of Computer Science, National University of Defense Technology)
  • Liu, Bo (School of Computer Science, National University of Defense Technology)
  • Ding, Bo (School of Computer Science, National University of Defense Technology)
  • Zhang, Jing (School of Computer Science, National University of Defense Technology)
  • Shi, Pei-Chang (School of Computer Science, National University of Defense Technology)
  • Received : 2011.12.26
  • Accepted : 2012.09.20
  • Published : 2012.10.31

Abstract

The Sybil attack has been proven effective in mitigating P2P botnets, but the impact of some important parameters has not been studied, and no model for estimating its effectiveness has been proposed. In this paper, taking Kademlia-based botnets as an example, a model with upper and lower bounds for estimating the mitigating performance of the Sybil attack is proposed. Through simulation, the way three important factors affect the performance of the Sybil attack is analyzed, and the results are shown to be consistent with the model. The simulation results not only confirm that the Sybil attack is an effective countermeasure against large-scale P2P botnets, but also imply that the model can guide the deployment of Sybil nodes to achieve the ideal performance in mitigating P2P botnets.
