USING HIERARCHAL PEER TO PEER NETWORK TO DEFEND FROM BOTNET ATTACKS
Abstract- Botnet is a network which contains multiple computers. This type of network is constructed by a centralized architecture. In this botnet many malware attacks are performed by the attackers. In the currently present botnet, a command and control server is used.To which all the bots in the botnet are connected. If this C&C server is catch by the defender, the entire botnet information’s will be exposed to the defender. This makes it easy for the defender to shut down the bot. To prevent this exposure of the entire botnet an hybrid peer to peer architecture is used. In this a bot master communicates with a bot and forms a fixed peer list. From this peer list formed, a bot is randomly selected as sensor host. To which all the information about the bots present in the botnet is send.Then Botmaster by retrieving this information performs the attack on bot which is present in the botnet. The botnet is defended from the attacker by using a honeypot technique . Honeypot checks whether there is a sensor host in its peer list and also acts as a normal bot. All the information present in the sensor host is deleted. Because of this, the botmaster cannot retrieve the information and perform any attack on botnet. By using this method the entire botnet is defended from the attackers.
Index Terms- Botnet,sensor host, honeypot.
An advanced hybrid peer to peer botnet is constructed and it is defended from the attackers. A botnet is constructed using decentralized architecture. Botnet is a collection of bots. A bot has a fixed and limited number of peer list in it.Botmaster communicates to each bots in a peer to peer fashion to form a network. A bot is randomly selected as a SensorHost and all information about the bots are send to it. The SensorHost sends the randomly generated peer list to each bots. Botmaster retrieves the information from the Sensor Host Using that information the botmaster perform attack on the bot.
To defend from these attacks an Honeypot is used. Honeypot is controlled by the defender. A Honeypot acts as a normal bot in the botnet. It deletes the information present in the Sensor Host. So that the attackers cannot retrieve any information about the bot. Advantages
➢ It is harder to shut down.
➢ It has a fixed and limited size peer list.
➢ It provides a robust connectivity.
2 RELATED WORKS
Recently a lot of research activities have been devoted to the issue of malware attacks using botnet. The research efforts generally fall into five categories: Botnet, Botnet Formation, Botnet with P2P architecture, Modeling P2P botnets, An advanced hybrid P2P botnet.
Banday M.T, Qadri J.A, Shah N.A. presented a study on Botnet and threats in Internet security. Among all media of communications, Internet is most vulnerable to attacks. Attackers use botnet to perform their attacks on system. The term Bot was derived from the word ro-bot. It is used to describe a script or set of scripts or a program designed to perform predefined functions repeatedly and automatically after being triggered intentionally or through a system infection. The attacker may choose to write its own code to attack a system. Botnet use a Command and Control techniques. In which all the bots are connected with a C&C server. C&C system present in the botnets is unique and unlikely to change among bots and their variants. This paper has not presented any solution to the Internet Security threats.
Jing Liu and Yang Xiao presented a Botnet formation. The perpetrator of botnet sends out worms or viruses to infect victims' machines. The bots on the infected hosts use a communications medium to form a botnet. Spammer sends commands to this botnet to order the bots to send out spam. The infected hosts send the spam messages to various mail servers in the Internet. IRC-Based Bot. IRC is a protocol for...
Please join StudyMode to read the full document