
1 Sybil attacks as a mitigation strategy against the Storm botnet
Authors: Carlton R. Davis, José M. Fernandez, Stephen Neville†, John McHugh
Presenter: Chia-Li Lin

2 Outline
- Introduction
- Storm botnet
- DHT
- k-buckets and lists
- Dynamic lists
- Four message types
- Sybil attack
- Goals and parameters
- Simulation data
- Fail factors
- Conclusion

3 Introduction
The Storm botnet is currently one of the most sophisticated botnet infrastructures.
- IRC-based bots are easy to detect and disrupt once the C&C server is identified.
- Peer-to-peer (P2P) bots have no single server to take down and are therefore more resilient.

4 Storm Botnet
Storm uses a modified Overnet P2P protocol for its communication architecture. The main difference between the Storm network and the regular Overnet P2P network is that Storm nodes XOR-encrypt their messages with a 40-bit key, whereas regular Overnet nodes do not encrypt their messages at all.
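Added example, not code from Storm, Overnet or the paper: a 40-bit XOR cipher of the kind slide 4 describes, together with the known-plaintext key recovery that makes such a layer an obfuscation of the traffic rather than real confidentiality. The slide gives only the key length; the repeating-key structure, the key bytes and the sample message below are assumptions.

```python
"""40-bit repeating-key XOR, as an obfuscation layer over a P2P protocol."""
from itertools import cycle

KEY_BITS = 40  # key length the slide gives for Storm's XOR encryption


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key (assumed structure).

    Encryption and decryption are the same operation.
    """
    if len(key) * 8 != KEY_BITS:
        raise ValueError(f"expected a {KEY_BITS}-bit key, got {len(key) * 8} bits")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int = KEY_BITS // 8) -> bytes:
    """Known-plaintext attack on a repeating-key XOR.

    Because c[i] = p[i] ^ key[i % key_len], one key period of known plaintext
    (a fixed protocol header is enough) gives key[i] = c[i] ^ p[i] for i < key_len.
    """
    if len(known_plaintext) < key_len:
        raise ValueError("need at least one full key period of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


if __name__ == "__main__":
    # Constructed sample, not a captured Storm message.
    key = bytes.fromhex("0a1b2c3d4e")
    message = b"constructed overnet payload"
    ct = xor_crypt(message, key)
    print("ciphertext:", ct.hex())
    print("recovered key:", recover_key(ct, message).hex())
```

The practical consequence for a crawler of the kind Holz et al. built: once the key is known, Storm's dialect can be spoken and read exactly like plain Overnet, and the encryption only serves to separate Storm traffic from ordinary Overnet traffic.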

5 DHT
Overnet implements a distributed hash table (DHT) algorithm called “Kademlia”. Each node participating in an Overnet network generates a 128-bit ID for itself when it first joins the network.

6 k-buckets and lists
Each node in an Overnet network stores contact information about some of the other nodes in the network, in order to route query messages appropriately. This information is organised in lists of (IP address, UDP port, ID) triplets, written in the form
<ID>=<IP address><UDP port>00
where <ID> is the 128-bit node ID (32 hex digits) and <IP address><UDP port> are the IP address and UDP port in hexadecimal, followed by the byte 00. Example:
008052D5853A3B3D2A9B84190975BAFD=53855152054A00

7 Dynamic k-buckets (lists)
When a node receives a message from a peer:
- If the peer is already in the recipient's k-bucket, move it to the tail of the k-bucket.
- Otherwise, if there is room left in the k-bucket, the peer's triplet is simply added to the tail.
- If there is no room left, ping the head node (the least recently seen contact):
  - if the head does not respond, it is evicted from the k-bucket and the recipient adds the new peer at the tail;
  - if it responds, the new peer's contact is discarded.
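Added example (not code from the paper or from any Storm/Overnet client): a parser for the triplet format shown on slide 6 and an implementation of the k-bucket update rule of slide 7. The byte order of the IP address and UDP port inside the hex string is assumed to be as written (big-endian), since the slide does not give Overnet's wire encoding; the bucket size k = 20 and the PING callback are assumptions as well.

```python
"""Overnet contact triplets and the Kademlia k-bucket update rule."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, List

K = 20  # bucket capacity k; Kademlia's usual default, assumed (the slide does not give Storm's value)


@dataclass(frozen=True)
class Contact:
    node_id: int  # 128-bit Overnet node ID
    ip: str
    port: int


def parse_triplet(text: str) -> Contact:
    """Parse one '<ID>=<IP address><UDP port>00' triplet as written on slide 6.

    <ID> is 32 hex digits (128 bits), then '=', then 8 hex digits of IP
    address, 4 hex digits of UDP port and the literal trailing byte 00.
    IP and port are decoded in the byte order they appear in (assumption).
    """
    id_hex, sep, rest = text.strip().partition("=")
    if sep != "=" or len(id_hex) != 32 or len(rest) != 14 or not rest.endswith("00"):
        raise ValueError(f"malformed triplet: {text!r}")
    raw = bytes.fromhex(rest)
    ip = ".".join(str(b) for b in raw[:4])
    port = int.from_bytes(raw[4:6], "big")
    return Contact(node_id=int(id_hex, 16), ip=ip, port=port)


class KBucket:
    """One k-bucket: least-recently-seen contact at the head, most recently seen at the tail."""

    def __init__(self, k: int = K, ping: Callable[[Contact], bool] = lambda c: True):
        self.k = k
        self.ping = ping  # sends a PING; returns True if the contact answers
        self.contacts: Deque[Contact] = deque()

    def update(self, peer: Contact) -> str:
        """Apply the slide-7 rule for a peer we just heard from; returns the branch taken."""
        if peer in self.contacts:
            # Already known: move it to the tail.
            self.contacts.remove(peer)
            self.contacts.append(peer)
            return "moved-to-tail"
        if len(self.contacts) < self.k:
            # Room left: append at the tail.
            self.contacts.append(peer)
            return "appended"
        # Full: PING the head (least recently seen).
        head = self.contacts[0]
        if self.ping(head):
            # Head is alive: keep the old contact, discard the newcomer.
            return "discarded"
        # Head is dead: evict it and append the newcomer at the tail.
        self.contacts.popleft()
        self.contacts.append(peer)
        return "evicted-head"

    def ids(self) -> List[int]:
        return [c.node_id for c in self.contacts]


if __name__ == "__main__":
    # The example triplet from the slide.
    c = parse_triplet("008052D5853A3B3D2A9B84190975BAFD=53855152054A00")
    print(f"{c.node_id:032X} -> {c.ip}:{c.port}")
    # Constructed walk-through with k = 2; contact 2 never answers a PING.
    bucket = KBucket(k=2, ping=lambda contact: contact.node_id != 2)
    for n in (1, 2, 1, 3):
        print(n, bucket.update(Contact(n, f"10.0.0.{n}", 4662)), bucket.ids())
```

The "discarded" branch is what makes this rule relevant to the Sybil attack: a newcomer cannot displace a live contact, so a sybil only gets into a full bucket when a legitimate contact stops answering, which is one reason the insertion ratios measured later stay well below the sybil share of the population.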

8 Four Message Types
The Kademlia protocol (which Overnet implements) provides four message types:
- PING: check whether a node is on-line
- STORE: store a (key, value) pair
- FIND_NODE: search for a node ID
- FIND_VALUE: search for a (key, value) pair

9 Sybil Attack
Holz, Steiner, Dahl, Biersack and Freiling, in “Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm”, showed how to use sybils to infiltrate the Storm botnet. Thousands of sybils can be created on a single physical machine.

10 Simulation steps
(a) Sybils send PING, FIND_NODE and FIND_VALUE messages to non-sybil nodes in an attempt to get their own IDs into those nodes' peer lists.
(b) Sybils respond to FIND_NODE and FIND_VALUE queries with false information.

11 Three Goals
1. What effect does the sybil growth rate have when it is
   a) equal to the botnet growth rate,
   b) half the botnet growth rate,
   c) twice the botnet growth rate?
2. What effect does the duration of the Sybil attack have on the degree of success in disrupting the botnet communication?
3. Do botnet design choices, such as the size of the peer list, have any bearing on the effectiveness of the Sybil attack?

12 R-Reachability
Used to assess the effectiveness of the Sybil attack in disrupting the botnet C&C infrastructure.

13 Insertion Ratio of Sybils
IR = SI / (N × l), i.e. the fraction of all peer-list slots occupied by sybils, where
- IR: insertion ratio of sybils in the peer lists
- SI: the total number of occurrences of sybils in the peer lists
- N: the final number of nodes (N × l is the product of the final number of nodes and the peer-list size, the total number of peer-list slots)
- l: the peer-list size
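Added example, not the paper's simulator, covering the two simulation steps of slide 10 and the IR metric of slide 13: a legitimate node with a bounded peer list, a sybil that answers FIND_NODE only with other sybils (one form of the "false information" the slide mentions), and the insertion-ratio computation over the resulting peer lists. The peer-list model (append while there is room), the toy 8-bit IDs and the decision to count only non-sybil nodes' lists in N are assumptions.

```python
"""Sybil FIND_NODE poisoning and the insertion ratio IR = SI / (N * l)."""
from typing import Dict, Iterable, List, Set


def xor_distance(a: int, b: int) -> int:
    """Kademlia's distance metric: XOR of the two node IDs."""
    return a ^ b


def closest(contacts: Iterable[int], target: int, k: int) -> List[int]:
    """The k contacts nearest to target in XOR distance (what an honest FIND_NODE reply carries)."""
    return sorted(contacts, key=lambda c: xor_distance(c, target))[:k]


class HonestNode:
    """A bot with a bounded peer list of size l (simplified model: append while there is room)."""

    def __init__(self, node_id: int, l: int):
        self.node_id = node_id
        self.l = l
        self.peers: List[int] = []

    def learn(self, contacts: Iterable[int]) -> None:
        for c in contacts:
            if c != self.node_id and c not in self.peers and len(self.peers) < self.l:
                self.peers.append(c)

    def on_message(self, sender: int) -> None:
        """Step (a): any incoming PING/FIND_NODE/FIND_VALUE makes the sender a peer-list candidate."""
        self.learn([sender])

    def find_node_reply(self, target: int, k: int) -> List[int]:
        return closest(self.peers, target, k)


class SybilNode(HonestNode):
    """Step (b): answers lookups with false information; here, only with other sybils."""

    def __init__(self, node_id: int, l: int, colony: Set[int]):
        super().__init__(node_id, l)
        self.colony = colony

    def find_node_reply(self, target: int, k: int) -> List[int]:
        return closest(self.colony - {self.node_id}, target, k)


def lookup(querier: HonestNode, responder: HonestNode, target: int, k: int) -> List[int]:
    """One FIND_NODE round trip: the responder records the querier, the querier records the reply."""
    responder.on_message(querier.node_id)
    reply = responder.find_node_reply(target, k)
    querier.on_message(responder.node_id)
    querier.learn(reply)
    return reply


def insertion_ratio(peer_lists: Dict[int, List[int]], sybils: Set[int], l: int) -> float:
    """IR = SI / (N * l) over the non-sybil nodes' peer lists.

    SI = total occurrences of sybils in those lists, N = number of non-sybil
    nodes, l = peer-list size. Excluding sybil-owned lists is an assumption;
    the slide speaks of the final number of nodes.
    """
    honest = {n: p for n, p in peer_lists.items() if n not in sybils}
    si = sum(1 for peers in honest.values() for c in peers if c in sybils)
    return si / (len(honest) * l)


if __name__ == "__main__":
    # Constructed 8-bit toy network: three bots with l = 4, one sybil out of a colony of three.
    n10, n20, n30 = HonestNode(0x10, 4), HonestNode(0x20, 4), HonestNode(0x30, 4)
    n10.peers, n20.peers, n30.peers = [0x20, 0x30], [0x10, 0x30], [0x10, 0x20]
    colony = {0xF0, 0xF1, 0xF2}
    sybil = SybilNode(0xF0, 4, colony)
    print("sybil reply:", [hex(x) for x in lookup(n10, sybil, target=0x33, k=2)])
    lists = {n.node_id: n.peers for n in (n10, n20, n30, sybil)}
    print("IR =", insertion_ratio(lists, colony, l=4))
```

Two things the run makes visible: the sybil gets into the victim's list both as a message sender (step a) and through its poisoned reply (step b), and sybils whose IDs are far from the queried target are never handed on by honest nodes, because `closest` ranks by XOR distance. An attacker who wants to be forwarded has to choose IDs near the targets, which is the kind of design choice the goals on slide 11 ask about.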

14 Parameters
- Sybil birth rate (S_BR) varies from 0 to 2 times the net botnet growth rate (B_GR)
- Peer-list size l ∈ {100, 200, 300}
- Time-steps ∈ {10, 20, 30}
- R-Reachability with radius r = 1

15 Simulation Data [1/2]
All runs use r = 1 radius. S_BR/B_GR is the sybil birth rate as a multiple of the botnet growth rate; IR is the insertion ratio of sybils in the peer lists; the standard deviation is that of IR (all values in %).

l = 200, time-step = 10
S_BR/B_GR   total sybils   insertion ratio (IR)   standard deviation
0.5          1000           4.22%                 0.5123%
1            2000           8.34%                 0.5293%
2            4000          15.43%                 0.8730%

l = 200, time-step = 20
S_BR/B_GR   total sybils   insertion ratio (IR)   standard deviation
0.5          2000           7.88%                 0.6078%
1            4000          14.34%                 0.6668%
2            8000          24.82%                 1.0678%

l = 200, time-step = 30
S_BR/B_GR   total sybils   insertion ratio (IR)   standard deviation
0.5          3000          10.53%                 0.5422%
1            6000          18.67%                 0.6922%
2           12000          30.94%                 1.2172%

l = 100, time-step = 20
S_BR/B_GR   total sybils   insertion ratio (IR)   standard deviation
0.5          2000           7.62%                 0.8577%
1            4000          13.94%                 1.2987%
2            8000          24.74%                 1.6265%

l = 300, time-step = 20
S_BR/B_GR   total sybils   insertion ratio (IR)   standard deviation
0.5          2000           7.88%                 0.6050%
1            4000          14.35%                 0.9602%
2            8000          24.83%                 0.7827%

16 Simulation Data [2/2]

17 Fail Factors
Factors that limit the effectiveness of the Sybil attack:
- fault-tolerant voting schemes
- fastest response path and time
- the attack is detectable by the botnet operators

18 Fastest Response Path

19 Conclusion
The Sybil attack is not a very efficient way to mitigate the Storm worm peer-to-peer botnet.

