Performance analysis of peer-to-peer botnets using "The Storm Botnet" as an exemplar

dc.contributor.author: Agarwal, Sudhir
dc.contributor.supervisor: Ganti, Sudhakar
dc.contributor.supervisor: Neville, Stephen William
dc.date.accessioned: 2010-05-03T15:57:52Z
dc.date.available: 2010-05-03T15:57:52Z
dc.date.copyright: 2010 [en]
dc.date.issued: 2010-05-03T15:57:52Z
dc.degree.department: Dept. of Computer Science [en]
dc.degree.level: Master of Science M.Sc. [en]
dc.description.abstract: Among malicious code such as computer viruses and worms, botnets have attracted significant attention and have been one of the biggest threats on the Internet. Botnets have evolved to incorporate peer-to-peer communications for the purpose of propagating instructions to large numbers of computers (also known as bots) under the botmaster's control. The impact of a botnet lies in the ability of the botmaster to execute large-scale attacks while remaining hidden as the true director of the attack. One such recently known botnet is the Storm botnet. Storm is based on the Overnet Distributed Hash Table (DHT) protocol, which in turn is based on the Kademlia DHT protocol. Significant research has been done to determine its operational size, behaviour and mitigation approaches. In this research, the peer-to-peer behaviour of Storm is studied by simulating its actual packet-level network behaviour. The packet-level simulator is developed with the simulation framework OMNET++ to determine the impact of design parameters on botnet performance and resilience. Parameters such as botnet size, peer list size, the number of botmasters and the key propagation time have been explored. Furthermore, two mitigation strategies are considered: a) a random removal strategy (disinfection strategy), which removes selected bots randomly from the botnet; b) a Sybil disruption strategy, which introduces fake bots into the botnet with the task of propagating Sybil values into the botnet to disrupt the communication channels between the controllers and the compromised machines. The simulation studies demonstrate that Sybil disruption strategies outperform random removal strategies. The simulation results also indicate that random removal strategies are not effective even for small-sized networks.
The results of the simulation studies are particularly applicable to the Storm botnet, but they also provide insights that can be applied to peer-to-peer based botnets in general. [en]
dc.identifier.uri: http://hdl.handle.net/1828/2689
dc.language: English [eng]
dc.language.iso: en [en]
dc.rights: Available to the World Wide Web [en]
dc.subject: Storm Botnet [en]
dc.subject: Kademlia Protocol [en]
dc.subject: Peer-To-Peer [en]
dc.subject.lcsh: UVic Subject Index::Sciences and Engineering::Applied Sciences::Computer science [en]
dc.title: Performance analysis of peer-to-peer botnets using "The Storm Botnet" as an exemplar [en]
dc.type: Thesis [en]

Files

Original bundle
Name: thesis_Sudhir.pdf
Size: 944.42 KB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 1.83 KB
Format: Item-specific license agreed upon to submission
Description: