David Dagon`
Georgia Institute of Technology
USA
Guofei Gu
Georgia Institute of Technology
USA
Christopher P. Lee
Georgia Institute of Technology
USA
Wenke Lee
Georgia Institute of Technology
USA
We propose a taxonomy of botnet structures, based on their utility to
the botmaster. We propose key metrics to measure their utility for
various activities (e.g., spam, ddos). Using the performance metrics,
we consider the ability of different response techniques to degrade or
disrupt botnets.
In particular, our models show that for scale free botnets, targeted
responses are particularly effective. Further, botmasters' efforts to
improve the robustness of scale free networks comes at a cost of
diminished transitivity. Botmasters do not appear to have any
structural solutions to this problem in scale free networks. We also
show that random graph botnets (e.g., those using P2P formations) are
highly resistant to both random and targeted responses.
We evaluate the impact of responses on different topologies using
simulation. We also perform some novel measurements of a P2P network
to demonstrate the utility of our proposed metrics. Our analysis
shows how botnets may be classified according to structure, and given
rank or priority using our proposed metrics. This may help direct
responses, and suggests which general remediation strategies are more
likely to succeed.
Keywords: botnets, taxonomy, honeypots, bandwidth, p2p networks, response metrics