A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2012; you can also visit the original URL.
The file type is application/pdf
.
Friends of an enemy
2010
Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10
In this work we show that once a single peer-to-peer (P2P) bot is detected in a network, it may be possible to efficiently identify other members of the same botnet in the same network even before they exhibit any overtly malicious behavior. Detection is based on an analysis of connections made by the hosts in the network. It turns out that if bots select their peers randomly and independently (i.e. unstructured topology), any given pair of P2P bots in a network communicate with at least one
doi:10.1145/1920261.1920283
dblp:conf/acsac/CoskunDM10
fatcat:jbqi6ouyhfgkdpnzh6lyzttxs4