Peer-to-Peer Botnets: Analysis and Detection

Author

Jeet Morparia, San Jose State University

Publication Date

2008

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

Abstract

Attacks such as spamming, distributed denial of service and phishing have become commonplace on the Internet. In the past, attackers would use high bandwidth Internet connection servers to accomplish their tasks. Since desktop users today have high-speed Internet connections, attackers infect users’ desktops and harness their computing power to perform malicious activities over the Internet. As attackers develop new methods to attack from distributed locations as well as avoid being detected, there is a need to develop efficient methods to detect and mitigate this epidemic of infection of hosts on the network. In this project, we aim to analyze the peer-to-peer botnet binary known as Trojan.Peacomm and its variants. Reverse engineering techniques have been used to disassemble the binary and to identify the techniques that the botnet binary uses to spread itself and to make its detection difficult by current scanners. In the process, we establish a framework and methods for malware analysis, which could be used to analyze other bot binaries and malware. Based on our findings we discuss a few techniques to detect and shut down botnets and demonstrated an attack scenario used to disrupt their activity.

Recommended Citation

Morparia, Jeet, "Peer-to-Peer Botnets: Analysis and Detection" (2008). Master's Projects. 100.
DOI: https://doi.org/10.31979/etd.xk6g-hh6t
https://scholarworks.sjsu.edu/etd_projects/100