An efficient botnet detection system for P2P botnet

Peer-to-Peer (P2P) botnets are favoured by botmasters because of their resilience against takedown efforts. Because modern botnets are stealthier, traditional botnet detection approaches are no longer adequate. In this paper, an efficient botnet detection system is proposed for detecting P2P botnets. The proposed system estimates the flow export using the NetFlow protocol. The packet flow is analyzed by three main components: an Exporter, a Collector, and an Analyzer. The exporter captures packets and monitors their contents. The collector gathers the flow traffic, and the analyzer initiates an automated analysis of that traffic using the captured packet information. Flow information is collected at two points, a virtual interface and a physical probe. The virtual interface collects malicious traffic information between the Virtual Machines (VMs), and the physical probe gathers malicious traffic information on the network bridges connecting the VMs. The information collected from these two sources is analyzed to detect botnets in both inter-VM and intra-VM traffic. Compared to the existing Dendritic Cell Algorithm (DCA), the proposed VM-based botnet detection system has minimal time consumption, increased detection speed, and a higher attack prevention ratio.
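The exporter / collector / analyzer pipeline described above, written out as an added example that is not the paper's own code. The byte layout is the public NetFlow v5 export format (24-byte header, 48-byte records); the flow tuples, the two probe names (`vnic` for the virtual interface, `bridge` for the physical probe), the `run_pipeline` helper and the distinct-peer fan-out threshold in `analyze` are constructed assumptions for illustration, not the detection logic of the paper.

```python
"""Miniature NetFlow v5 exporter -> collector -> analyzer pipeline (added example).
The packet layout is the public NetFlow v5 format; the sample flows, probe names
and fan-out threshold are constructed assumptions for illustration."""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval
V5_HEADER = "!HHIIIIBBH"
# NetFlow v5 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
# first, last, srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as,
# src_mask, dst_mask, pad2
V5_RECORD = "!IIIHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(V5_HEADER)  # 24 bytes
RECORD_LEN = struct.calcsize(V5_RECORD)  # 48 bytes


def export_v5(flows, uptime_ms=1000, unix_secs=1_600_000_000):
    """Exporter: pack (src, dst, sport, dport, proto, pkts, octets) tuples into one v5 datagram."""
    header = struct.pack(V5_HEADER, 5, len(flows), uptime_ms, unix_secs, 0, 0, 0, 0, 0)
    body = b"".join(
        struct.pack(V5_RECORD, int(IPv4Address(s)), int(IPv4Address(d)), 0, 0, 0,
                    pkts, octets, 0, uptime_ms, sp, dp, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for s, d, sp, dp, proto, pkts, octets in flows)
    return header + body


def collect_v5(datagram, probe):
    """Collector: validate and unpack a v5 datagram, tagging each flow with its exporting probe."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("truncated NetFlow header")
    version, count, *_ = struct.unpack(V5_HEADER, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        f = struct.unpack(V5_RECORD, datagram[off:off + RECORD_LEN])
        flows.append({"probe": probe,
                      "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
                      "sport": f[9], "dport": f[10], "proto": f[13],
                      "pkts": f[5], "octets": f[6]})
    return flows


def analyze(flows, peer_threshold=8):
    """Analyzer: count distinct destination hosts per source host across all probes and
    report hosts whose fan-out reaches the (assumed) threshold. This is an illustrative
    heuristic, not the paper's detection method."""
    peers = defaultdict(set)
    for f in flows:
        peers[f["src"]].add(f["dst"])
    return sorted(host for host, p in peers.items() if len(p) >= peer_threshold)


# Constructed sample traffic: 10.0.0.5 contacts 12 distinct peers on unprivileged
# ports (half seen on the VM-side virtual interface, half on the bridge probe),
# while 10.0.0.7 talks only to two servers.
VM_FLOWS = [("10.0.0.5", f"10.0.1.{i}", 40000 + i, 30000 + i, 17, 3, 300)
            for i in range(1, 7)]
BRIDGE_FLOWS = ([("10.0.0.5", f"192.0.2.{i}", 41000 + i, 30000 + i, 17, 3, 300)
                 for i in range(1, 7)]
                + [("10.0.0.7", "192.0.2.50", 51000, 443, 6, 20, 8000),
                   ("10.0.0.7", "192.0.2.51", 51001, 80, 6, 5, 1200)])


def run_pipeline():
    """Run both exporters through the collector and hand the merged flows to the analyzer."""
    flows = (collect_v5(export_v5(VM_FLOWS), "vnic")
             + collect_v5(export_v5(BRIDGE_FLOWS), "bridge"))
    return flows, analyze(flows)


if __name__ == "__main__":
    merged, flagged = run_pipeline()
    print(f"{len(merged)} flows collected, flagged hosts: {flagged}")
```

Merging the records from both probes before analysis is what makes the VM-to-VM half of 10.0.0.5's fan-out count: with only the bridge probe, the host would sit at six peers and fall below the threshold.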
