Reconstruction of C&C Channel for P2P Botnet
Mohammad Jafari Dehkordi, Babak Sadeghiyan

TL;DR
This paper introduces a probabilistic method to reconstruct the topology of P2P botnet command and control channels using incomplete data, achieving over 90% accuracy in simulated environments.
Contribution
It presents a novel approach for reconstructing P2P botnet C&C topologies without complete data, addressing a gap in existing methods.
Findings
Over 90% of edges accurately estimated in simulations
Effective with limited data, using only half the bots' receiving times
Achieves high reconstruction accuracy with 22 cascades in large networks
Abstract
Breaking down botnets has always been a big challenge. In P2P botnets the robustness of C&C channels is increased and detecting the botmaster is harder. In this paper, we propose a probabilistic method to reconstruct the topologies of the C&C channel for P2P botnets. Due to the geographic dispersion of P2P botnet members, it is not possible to supervise all members, and not all of the data required by other graph reconstruction methods is available. So far, no general method has been introduced to reconstruct the C&C channel topology for all types of P2P botnets. In our method, the probability of connections between bots is estimated using the inaccurate receiving times of several cascades, the network model parameters of the C&C channel, and the end-to-end delay distribution of the Internet. The receiving times can be collected by observing the external reaction of bots to commands. The…
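As an added illustration of the idea in the abstract (not the paper's own estimator, which the abstract does not detail): given the receiving times of several cascades, with some bots unobserved in some cascades, and an assumed one-hop delay distribution, each pair of bots is scored by how much of the delay likelihood for a reception falls on that pair, averaged over cascades. The four-bot overlay, the cascade times and the normal delay model (mean 100 ms, sd 30 ms) are all constructed for this example.

```python
import math

# Constructed example: a defender recorded when each bot reacted to four
# botmaster commands (cascades), in ms after the first observed reaction.
# Bots missing from a cascade were not under observation (incomplete data).
# Hypothetical true overlay links: A-B, A-C, B-D.
CASCADES = [
    {"A": 0, "B": 80, "C": 120, "D": 190},
    {"A": 0, "B": 105, "D": 215},            # C not observed
    {"B": 0, "D": 95, "C": 200},             # A not observed; seeded at B
    {"C": 0, "A": 100, "B": 195, "D": 300},  # seeded at C
]

# Assumed one-hop end-to-end delay model: normal, mean 100 ms, sd 30 ms.
DELAY_MEAN, DELAY_SD = 100.0, 30.0

def delay_likelihood(delta):
    """Unnormalised density of a one-hop delay of `delta` ms (constant cancels)."""
    return math.exp(-((delta - DELAY_MEAN) ** 2) / (2 * DELAY_SD ** 2))

def estimate_edges(cascades, likelihood=delay_likelihood):
    """Map frozenset({u, v}) -> estimated probability that u and v share a link.

    For each bot v seen in a cascade, every bot u seen earlier in that cascade
    is a candidate sender. The likelihood of the delay t_v - t_u is normalised
    over the candidates and credited to the pair; credits are averaged over
    cascades. When the true sender was unobserved (A in cascade 3), the credit
    lands on an observed bystander, which is the incomplete-data effect.
    """
    scores = {}
    for times in cascades:
        for v, t_v in times.items():
            cand = {u: likelihood(t_v - t_u) for u, t_u in times.items() if t_u < t_v}
            total = sum(cand.values())
            if total == 0:  # v is the cascade seed: nothing observed before it
                continue
            for u, w in cand.items():
                pair = frozenset((u, v))
                scores[pair] = scores.get(pair, 0.0) + w / total
    return {pair: s / len(cascades) for pair, s in scores.items()}

def top_edges(estimates, k):
    """The k pairs with the highest estimated link probability."""
    return set(sorted(estimates, key=estimates.get, reverse=True)[:k])

if __name__ == "__main__":
    est = estimate_edges(CASCADES)
    for pair in sorted(est, key=est.get, reverse=True):
        print("-".join(sorted(pair)), round(est[pair], 3))
```

With these four cascades the three true links rank first, and the spurious C-D score produced by the unobserved bot A in cascade 3 stays below them; with fewer cascades that margin shrinks.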
