Sybil attacks as a mitigation strategy against the Storm botnet. Authors: Carlton R. Davis, José M. Fernandez, Stephen Neville, John McHugh

Presentation transcript:

Sybil attacks as a mitigation strategy against the Storm botnet. Authors: Carlton R. Davis, José M. Fernandez, Stephen Neville, John McHugh. Presenter: Chia-Li Lin

2 Outline: Introduction; Storm botnet; DHT; k-buckets and lists; Dynamic lists; Four message types; Sybil attack; Goals and parameters; Simulation data; Fail factor; Conclusion

3 Introduction: The Storm botnet is currently one of the most sophisticated botnet infrastructures. IRC bots are easy to detect and disrupt once the server is identified; peer-to-peer (P2P) bots are more resilient.

4 Storm Botnet: Storm uses a modified Overnet P2P protocol for its communication architecture. The main difference between the Storm network and the regular Overnet P2P network is that Storm nodes XOR-encrypt their messages using a 40-bit encryption key, whereas regular Overnet nodes do not encrypt their messages.

5 DHT: Overnet implements a distributed hash table algorithm called “Kademlia”. Each node participating in an Overnet network generates a 128-bit ID for itself when it first joins the network.

6 k-buckets and lists: Each node in an Overnet network stores contact information about some of the other nodes in the network, in order to appropriately route query messages. This information is organised in lists of (IP address, UDP port, ID) triplets. The triplets are in the form = 00 is the 128-bit node ID 00 is the IP address and UDP port in hexadecimal format format:008052D5853A3B3D2A9B BAFD= A00

7 Dynamic k-bucket (lists): If a peer is already in the recipient's k-bucket, it is moved to the tail of the k-bucket. Otherwise, if there is room left in the k-bucket, the peer’s triplet is simply added to the tail of the k-bucket. If there is no room left, the recipient pings the head node: if a node does not respond, it is evicted from the k-bucket and the recipient adds the peer to the tail; if all nodes respond, the peer contact is discarded.
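The update rule on slide 7, as an added example that is not part of the original slides. It shows why a full bucket of live peers limits how quickly sybil contacts get inserted. The Peer and KBucket names, k = 3, the addresses and the ping callback are constructed for illustration, and pinging from the head onward until a silent node is found is one reading of the slide.

```python
from typing import Callable, List, NamedTuple, Set

class Peer(NamedTuple):
    node_id: int   # 128-bit Overnet/Kademlia ID
    ip: str
    port: int

class KBucket:
    """One k-bucket: least recently seen peer at the head (index 0), newest at the tail."""

    def __init__(self, k: int, ping: Callable[[Peer], bool]):
        self.k = k
        self.ping = ping               # returns True if the peer answers a PING
        self.peers: List[Peer] = []

    def update(self, peer: Peer) -> str:
        """Apply the slide's rule to a peer we just heard from; return the action taken."""
        for i, known in enumerate(self.peers):
            if known.node_id == peer.node_id:
                self.peers.append(self.peers.pop(i))   # already known: move to tail
                return "moved-to-tail"
        if len(self.peers) < self.k:
            self.peers.append(peer)                    # room left: add at the tail
            return "added"
        for i, known in enumerate(self.peers):         # bucket full: ping from the head
            if not self.ping(known):
                self.peers.pop(i)                      # first silent node is evicted
                self.peers.append(peer)
                return "replaced-dead-node"
        return "discarded"                             # every node answered

def run_demo() -> dict:
    """Constructed scenario: 3 live bots fill a k=3 bucket, then 5 sybil contacts arrive."""
    offline: Set[int] = set()
    bucket = KBucket(k=3, ping=lambda p: p.node_id not in offline)
    bots = [Peer(i, f"10.0.0.{i}", 4000) for i in (1, 2, 3)]
    sybils = [Peer(0x5B00 + i, "192.0.2.1", 5000 + i) for i in range(5)]
    for b in bots:
        bucket.update(b)
    all_live = [bucket.update(s) for s in sybils]      # every bot answers PING
    offline.add(2)                                     # one bot leaves the network
    one_dead = [bucket.update(s) for s in sybils]
    sybil_ids = {s.node_id for s in sybils}
    share = sum(p.node_id in sybil_ids for p in bucket.peers) / bucket.k
    return {"all_live": all_live, "one_dead": one_dead, "sybil_share": share,
            "ids": [p.node_id for p in bucket.peers]}
```

In this constructed run the sybils gain a slot only when an existing peer stops answering, so their share of the bucket is bounded by node churn rather than by how many contacts they announce.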

8 Four Message Types: The Kademlia protocol (which Overnet implements) provides the four message types outlined below. PING: check whether a node is on-line. STORE: store a pair. FIND_NODE: search for a node ID. FIND_VALUE: search for a pair.

9 Sybil Attack: Holz, Steiner, Dahl, Biersack, and Freiling presented “Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm”, showing how to use sybils to infiltrate the Storm botnet. Their approach is able to create thousands of sybils on a single physical machine.

10 Simulation step: (a) Send PING, FIND_NODE, and FIND_VALUE messages to non-sybil nodes in an attempt to get the sybils' IDs into the peer-lists of those nodes. (b) Respond to FIND_NODE and FIND_VALUE queries with false information.

11 Three Goals: (1) What effect does the Sybil growth rate have when it is a) equal to the botnet growth rate, b) half the botnet growth rate, c) twice the botnet growth rate? (2) What effect does the time duration of Sybil attacks have on the degree of success in disrupting the botnet communication? (3) Do botnet design choices, such as the size of the peer-list, have any bearing on the effectiveness of the Sybil attacks?

12 R-Reachability To assess the effectiveness of the Sybil attack in disrupting the botnet C&C infrastructure

13 Insertion Ratio of Sybils: (I_R): insertion ratio of sybils in the peer-lists. (S_I): the total occurrences of sybils in the peer-lists. (N): the product of the final number of nodes. (l): the peer-list size.

14 Parameters: Sybil birth rate (S_BR) varies from 0 to 2 times the net botnet growth rate (B_GR). Peer-list sizes l: {100, 200, 300}. Time-steps: {10, 20, 30}. R-Reachability (r = 1 radius).

15 Simulation Data [1/2]: Five tables, each with the columns S_BR/B_GR, total sybils, insertion ratio (I_R), standard deviation. Only the following values survive from each table.
r = 1 radius, l = 200, time-step = 10: %0.5123% %0.5293% %0.8730%
r = 1 radius, l = 200, time-step = 30: % % % %
r = 1 radius, l = 200, time-step = 20: %0.6078% %0.6668% %1.0678%
r = 1 radius, l = 100, time-step = 20: % % %1.2987% %1.6265%
r = 1 radius, l = 300, time-step = 20: % %

16 Simulation Data [2/2]

17 Fail Factor: Fault-tolerant voting schemes; fastest response path and time; detectable by the botnet operators.

18 Fastest Response Path

19 Conclusion: The Sybil attack is not very efficient at mitigating the Storm worm peer-to-peer botnet.