SPEAKER

Mathias joined the University Münster as assistant professor in December 2015, after two consecutive positions as Postdoc at TU Darmstadt and the International Computer Science Institute (ICSI) in Berkeley. His research interests encompass IT and network security, resilient distributed systems, network monitoring, and botnets. Mathias received a PhD in 2012 and a diploma in computer science in 2008, both from TU Ilmenau

ABSTRACT

Most of recent cyber-crime activities such as banking credential thefts and Distributed Denial of Service (DDoS) attacks are caused by botnets.

A botnet consists of thousands of infected machines or bots around the globe that is controlled by a botmaster. These bots were traditionally controlled by the botmaster using centralized command and control servers. However, such a centralized architecture represents a single point of failure and has been exploited in many botnet takedowns in the past.

As a result, recent botnets have adopted a P2P-based architecture. These botnets are not only robust against random failures, but due to their self-organizing capabilities they are also more robust against targeted attacks like takedown attempts. Moreover, they provide a certain level of anonymity to the botmaster, as he can issue commands to the whole botnet by connecting to any of the bots.

For this reason, it is urgent to monitor P2P-based botnets to investigate potential vulnerabilities and to prepare takedown operations. This talk will give an overview on the botnet ecosystem, monitoring challenges, and novel approaches for monitoring P2P-based botnets.