Scalable P2P Overlays of Very Small Constant Degree: An Emerging Security Threat
In recent years, peer-to-peer (P2P) technology has been adopted by Internet-based malware as a fault-tolerant and scalable communication medium for self-organization and survival. It has been shown that malicious P2P networks would be nearly impossible to uncover if they operated in a stealth mode, that is, using only a small constant number of fixed overlay connections per node for communication. While overlay networks of a small constant maximal degree are generally considered to be unscalable, we argue in this paper that it is possible to design them to be scalable, efficient and robust. This is an important finding from a security point of view: we show that stealth-mode P2P malware that is very difficult to discover with state-of-the-art methods is a plausible threat. In this paper we discuss algorithms and theoretical results that support the scalability of stealth-mode overlays, and we present realistic simulations using an event-based implementation of a proof-of-concept system. Besides P2P botnets, our results are also applicable in scenarios where relying on a large number of overlay connections per node is not feasible because of cost or the limited number of communication channels available.