Peer to Peer Botnet Detection Based on Network Traffic Analysis

One of the most serious cyber-security threats is the botnet. A bot runs in the background of a compromised machine and maintains communication with the command-and-control (C&C) server to receive malicious commands. The botmaster uses the botnet to launch dangerous attacks such as Distributed Denial of Service (DDoS), data theft and spamming. This paper addresses the problem of detecting the flow records of P2P botnets, as distinct from those of legitimate P2P applications, within NetFlow traces and network activity. We propose a technique that is capable of detecting a new P2P botnet at an early stage. The technique has been evaluated on a collection of real malicious and legitimate datasets. Our algorithm preprocesses the flow records and extracts features that differentiate botnet behaviour from legitimate behaviour. The results of our experiments show a high level of accuracy and a low false-positive rate.
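The abstract describes the pipeline only in outline (preprocess NetFlow records, extract per-host features, separate bot behaviour from legitimate behaviour). The following Python is an added illustration of that kind of pipeline and is not the paper's own algorithm or code: the record format, the feature set (distinct peers, small-flow ratio, UDP ratio, bytes per packet, regularity of inter-flow intervals) and the decision thresholds are all assumptions chosen for the example, and the NetFlow-style lines are constructed, using documentation address ranges, so the script runs offline. The third host in the sample data is a resolver client that issues many tiny UDP flows to a single server; it is there to show why a small-flow ratio alone would be a false-positive trigger and why peer count has to be combined with it.

```python
"""Per-host feature extraction over NetFlow-style records for P2P bot detection.

Added example; the features, thresholds and record format are assumptions
made for illustration and are not taken from the paper.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, NamedTuple, Set

# Constructed sample export. Fields: start(epoch s) src dst dport proto packets bytes
# 10.0.0.5 talks to many distinct peers with tiny UDP flows at a fixed 60 s cadence
# (bot-like); 10.0.0.7 browses a few HTTPS/HTTP servers; 10.0.0.9 only sends DNS
# lookups to one resolver (many small flows, but a single peer).
SAMPLE_FLOW_LINES = """
# start src dst dport proto packets bytes
1000 10.0.0.5 203.0.113.1 6881 udp 2 130
1060 10.0.0.5 203.0.113.2 6882 udp 2 130
1120 10.0.0.5 203.0.113.3 6883 udp 2 130
1180 10.0.0.5 203.0.113.4 6884 udp 2 130
1240 10.0.0.5 203.0.113.5 6885 udp 2 130
1300 10.0.0.5 203.0.113.6 6886 udp 2 130
1360 10.0.0.5 203.0.113.7 6887 udp 2 130
1420 10.0.0.5 203.0.113.8 6888 udp 2 130
1480 10.0.0.5 203.0.113.9 6889 udp 2 130
1005 10.0.0.7 198.51.100.10 443 tcp 42 31800
1007 10.0.0.7 198.51.100.10 443 tcp 18 9400
1130 10.0.0.7 198.51.100.20 443 tcp 55 61200
1360 10.0.0.7 198.51.100.30 80 tcp 12 5100
1361 10.0.0.7 198.51.100.20 443 tcp 9 2200
1003 10.0.0.9 10.0.0.1 53 udp 1 74
1004 10.0.0.9 10.0.0.1 53 udp 1 71
1250 10.0.0.9 10.0.0.1 53 udp 1 80
1251 10.0.0.9 10.0.0.1 53 udp 1 69
1252 10.0.0.9 10.0.0.1 53 udp 1 77
1490 10.0.0.9 10.0.0.1 53 udp 1 73
"""


class Flow(NamedTuple):
    start: float
    src: str
    dst: str
    dport: int
    proto: str
    packets: int
    bytes: int


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Preprocessing step: parse the (assumed) whitespace-separated export, skip comments/blanks."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        start, src, dst, dport, proto, pkts, byts = line.split()
        flows.append(Flow(float(start), src, dst, int(dport), proto.lower(), int(pkts), int(byts)))
    return flows


def extract_features(flows: List[Flow]) -> Dict[str, Dict[str, float]]:
    """Aggregate flows by source host into behavioural features (feature set is an assumption)."""
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    feats: Dict[str, Dict[str, float]] = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.start)
        gaps = [b.start - a.start for a, b in zip(fl, fl[1:])]
        # Coefficient of variation of inter-flow gaps: 0 means perfectly periodic.
        cov = pstdev(gaps) / mean(gaps) if len(gaps) >= 2 and mean(gaps) > 0 else float("inf")
        feats[src] = {
            "flows": len(fl),
            "distinct_peers": len({f.dst for f in fl}),
            "distinct_ports": len({f.dport for f in fl}),
            "udp_ratio": sum(f.proto == "udp" for f in fl) / len(fl),
            "small_flow_ratio": sum(f.packets <= 3 for f in fl) / len(fl),
            "bytes_per_packet": sum(f.bytes for f in fl) / sum(f.packets for f in fl),
            "interval_cov": cov,
        }
    return feats


def classify(feats: Dict[str, Dict[str, float]], min_peers: int = 8,
             min_small_ratio: float = 0.8, max_interval_cov: float = 0.25) -> Set[str]:
    """Flag hosts that contact many peers with mostly tiny flows on a regular cadence.

    The rule and its thresholds are illustrative assumptions, not the paper's classifier.
    """
    return {
        src for src, f in feats.items()
        if f["distinct_peers"] >= min_peers
        and f["small_flow_ratio"] >= min_small_ratio
        and f["interval_cov"] <= max_interval_cov
    }


def detect(lines: Iterable[str]) -> Set[str]:
    """Full pipeline: parse -> per-host features -> suspicious hosts."""
    return classify(extract_features(parse_flows(lines)))


if __name__ == "__main__":
    for host, f in sorted(extract_features(parse_flows(SAMPLE_FLOW_LINES.splitlines())).items()):
        print(host, {k: round(v, 2) for k, v in f.items()})
    print("suspicious:", sorted(detect(SAMPLE_FLOW_LINES.splitlines())))
```

Run stand-alone it prints the feature vector of each host and flags only 10.0.0.5. Note that the DNS client scores 1.0 on small-flow ratio and UDP ratio, so a rule built on packet size alone would raise a false positive; it is the combination with peer fan-out and timing regularity that separates it. In a real deployment the thresholds would be learned from labelled traces rather than hand-set, and the interval feature needs a minimum flow count per host before it is meaningful.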
