Sciweavers

POST
2012

Revisiting Botnet Models and Their Implications for Takedown Strategies

12 years 7 months ago
Revisiting Botnet Models and Their Implications for Takedown Strategies
Abstract. Several works have utilized network models to study peerto-peer botnets, particularly in evaluating the effectiveness of strategies aimed at taking down a botnet. We observe that previous works fail to consider an important structural characteristic of networks — assortativity. This property quantifies the tendency for “similar” nodes to connect to each other, where the notion of “similarity” is examined in terms of node degree. Empirical measurements on networks simulated according to the Waledac botnet protocol, and on network traces of bots from a honeynet running in the wild, suggest that real-world botnets can be significantly assortative, even more so than social networks. By adjusting the level of assortativity in simulated networks, we show that high assortativity allows networks to be more resilient to takedown strategies than predicted by previous works, and can allow a network to “heal” itself effectively after a fraction of its nodes are removed....
Ting-Fang Yen, Michael K. Reiter
Added 25 Apr 2012
Updated 25 Apr 2012
Type Journal
Year 2012
Where POST
Authors Ting-Fang Yen, Michael K. Reiter
Comments (0)