Avoiding honeypot detection in peer-to-peer botnets

Meerah M. Al-Hakbani, Mostafa H. Dahshan

Research output: Book chapter/Published conference paper › Conference paper › peer-review

13 Citations (Scopus)

Abstract

A botnet is a group of compromised computers that are controlled by a botmaster, who uses them to perform illegal activities. Centralized and P2P (Peer-to-Peer) botnets are the most commonly used botnet types. Honeypots have been used in many systems as a computer defense. They are used to attract botmasters into adding them to their botnets, so that they become spies that expose botnet attacker behaviors. In recent research works, improved mechanisms for honeypot detection have been proposed. Such mechanisms would enable botmasters to distinguish honeypots from real bots, making it more difficult for honeypots to join botnets. This paper presents a new method that can be used by security defenders to overcome the authentication procedure used by the advanced two-stage reconnaissance worm (ATSRW). The presented method utilizes the peer list information sent by an infected host during the ATSRW authentication process and uses a combination of IP address spoofing and a fake TCP three-way handshake. The paper provides an analytical study on the performance and the success probability of the presented method. We show that the presented method provides a higher chance for honeypots to join botnets despite security measures taken by botmasters.

Original language: English
Title of host publication: ICETECH 2015 - 2015 IEEE International Conference on Engineering and Technology
Place of Publication: United States
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 1-7
Number of pages: 7
ISBN (Electronic): 9781479918546
Publication status: Published - 23 Sept 2015
Event: IEEE International Conference on Engineering and Technology, ICETECH 2015 - Rathinam Technical Campus, Coimbatore, India
Duration: 20 Mar 2015 → 20 Mar 2015
https://web.archive.org/web/20150312164419/http://www.icetech.rathinamcollege.com/home/

Publication series

Name: ICETECH 2015 - 2015 IEEE International Conference on Engineering and Technology

Conference

Conference: IEEE International Conference on Engineering and Technology, ICETECH 2015
Country/Territory: India
City: Coimbatore
Period: 20/03/15 → 20/03/15
