Model the Influence of Sybil Nodes in P2P Botnets

  • Tianzuo Wang
  • Huaimin Wang
  • Bo Liu
  • Peichang Shi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7873)

Abstract

Sybil attacks are well suited to mitigating P2P botnets, and their effect depends on the influence of the Sybil nodes. However, the problem of how to evaluate the influence of Sybil nodes has rarely been studied. Considering Kademlia-based botnets, we formulate a model to evaluate the influence of Sybil nodes during the publishing of commands. Simulation results show the correctness of this model, and we find that the percentage of Sybil nodes in the botnet, the value of K, and the size of the botnet are three important factors that significantly affect the influence of Sybil nodes. For defenders who want to determine how many Sybil nodes should be inserted to achieve the goal of mitigation, this model can provide valuable guidance.

Keywords

P2P botnets Sybil mitigation influence model Kademlia 

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tianzuo Wang (1)
  • Huaimin Wang (1)
  • Bo Liu (1)
  • Peichang Shi (1)
  1. School of Computer Science, National University of Defense Technology, ChangSha, China
