A Two-stage P2P Botnet Detection Method Based on Statistical Features

P2P botnets have become one of the most serious threats to network security. They can be used to launch many kinds of malicious activity, ranging from spamming to distributed denial-of-service attacks. However, detecting P2P botnets is always challenging because of their decentralized architecture: there is no central command-and-control server whose address or traffic pattern can be blocked. In this paper, we propose a two-stage P2P botnet detection method that relies only on a handful of traffic statistical features. The method first identifies P2P hosts using three statistical features, and then distinguishes P2P bots from benign P2P hosts by means of two further statistical features. Experimental evaluations on real-world traffic datasets show that the method is able to detect hidden P2P bots with a detection accuracy of 99.7% and a false positive rate of only 0.3% within a 5-minute observation window.
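The following Python script is an added illustration of the two-stage pipeline shape the abstract describes; it is not the paper's code, and the abstract does not name the paper's five features. The three stage-1 features (distinct destination count, unanswered-flow ratio, share of flows to ports above 1024), the two stage-2 features (coefficient of variation of outbound flow size and of inter-flow gap), the thresholds, and the flow records are all assumptions constructed here so the example runs offline on NetFlow-like input.

```python
"""Two-stage per-host P2P bot triage over flow records.

Added illustration, not the paper's implementation.  The features,
thresholds and sample flows are assumptions chosen to show how a
stage-1 P2P-host filter feeds a stage-2 bot/benign decision over a
5-minute window of per-host flow statistics.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW = 300  # seconds; the abstract reports detection within 5 minutes


@dataclass(frozen=True)
class Flow:
    ts: float       # flow start time in seconds
    src: str        # monitored internal host
    dst: str        # remote peer or server
    dport: int      # destination port
    out_bytes: int  # bytes sent by src
    in_bytes: int   # bytes returned; 0 means the peer never answered


def _cv(values):
    """Coefficient of variation; 0.0 for constant or too-short series."""
    if len(values) < 2:
        return 0.0
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def host_features(flows):
    """Assumed features for one source host over one window."""
    flows = sorted(flows, key=lambda f: f.ts)
    n = len(flows)
    gaps = [b.ts - a.ts for a, b in zip(flows, flows[1:])]
    return {
        "distinct_dst": len({f.dst for f in flows}),
        "failed_ratio": sum(1 for f in flows if f.in_bytes == 0) / n,
        "ephemeral_port_ratio": sum(1 for f in flows if f.dport > 1024) / n,
        "size_cv": _cv([f.out_bytes for f in flows]),
        "gap_cv": _cv(gaps),
    }


def is_p2p_host(feat, min_dst=8, min_failed=0.2, min_ephemeral=0.7):
    """Stage 1 (assumed rule): P2P hosts fan out to many peers on
    ephemeral ports, and a sizeable share of those peers never answer."""
    return (feat["distinct_dst"] >= min_dst
            and feat["failed_ratio"] >= min_failed
            and feat["ephemeral_port_ratio"] >= min_ephemeral)


def is_bot(feat, max_size_cv=0.15, max_gap_cv=0.25):
    """Stage 2 (assumed rule): bots exchange near-identical control
    messages on a regular schedule; file-sharing clients do not."""
    return feat["size_cv"] <= max_size_cv and feat["gap_cv"] <= max_gap_cv


def classify_window(flows):
    """Return {src_host: 'non-p2p' | 'p2p-benign' | 'p2p-bot'}."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    verdicts = {}
    for src, fl in by_src.items():
        feat = host_features(fl)
        if not is_p2p_host(feat):
            verdicts[src] = "non-p2p"          # stage 1 rejects it
        elif is_bot(feat):
            verdicts[src] = "p2p-bot"          # stage 2 flags it
        else:
            verdicts[src] = "p2p-benign"
    return verdicts


def classify(flows, size=WINDOW):
    """Slice a flow stream into fixed windows and classify each one."""
    windows = defaultdict(list)
    for f in flows:
        windows[int(f.ts // size)].append(f)
    return {w: classify_window(fl) for w, fl in sorted(windows.items())}


def sample_flows():
    """Constructed flows for three hosts inside one 5-minute window."""
    flows = []
    # 10.0.0.1: browsing; three servers, every request answered, port 443
    for i in range(20):
        flows.append(Flow(i * 7.0, "10.0.0.1", f"93.184.216.{i % 3}",
                          443, 500 + 37 * i, 4000))
    # 10.0.0.2: benign file-sharing; many peers, bursty timing, varied sizes
    t = 0.0
    for i in range(30):
        t += 1 + (i * 7) % 17
        flows.append(Flow(t, "10.0.0.2", f"172.16.{i}.5", 6881 + i % 10,
                          100 + (i * 631) % 1400, 0 if i % 3 == 0 else 900))
    # 10.0.0.3: bot; many peers, 64-byte beacons every 10 s, half unanswered
    for i in range(30):
        flows.append(Flow(i * 10.0, "10.0.0.3", f"198.51.100.{i}", 16471,
                          64, 0 if i % 2 == 0 else 64))
    return flows


if __name__ == "__main__":
    for w, verdicts in classify(sample_flows()).items():
        print(f"window {w}: {verdicts}")
```

The stage-1 gate is what keeps ordinary clients out of the bot decision, so its thresholds govern the false-positive rate on non-P2P hosts; the constructed values above are illustrative, and on real traffic the thresholds (or a classifier over the same features) must be tuned against labelled flows before the accuracy figures in the abstract can be expected.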
