A Hybrid Technique To Detect Botnets, Based on P2P Traffic Similarity

Botnets have been one of the most common threats to network security, since they exploit multiple kinds of malicious code such as worms, Trojans, rootkits, etc. These botnets are used to perform attacks, send phishing links, and/or provide malicious services. Peer-to-peer (P2P) botnets are more difficult to detect than IRC (Internet Relay Chat), HTTP (HyperText Transfer Protocol) and other types of botnets, because they combine typical features of both centralized and distributed architectures. To solve these problems, we propose an effective two-stage traffic classification method that detects P2P botnet traffic using both a non-P2P traffic filtering mechanism and machine learning techniques applied to conversation features. In the first stage, we filter out non-P2P packets to reduce the amount of network traffic, using well-known ports, DNS queries, and flow counting. In the second stage, we extract conversation features based on data-flow features and flow similarity. We then detect P2P botnets successfully using machine learning classifiers. Experimental evaluations show that our two-stage detection method has higher accuracy than traditional P2P botnet detection methods.
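The two-stage pipeline described above, as an added Python example that is not the paper's own code: stage one drops flows to well-known ports, flows whose destination appeared in a DNS answer, and hosts with fewer than a minimum number of distinct peers; stage two aggregates per-host conversation features and compares hosts by cosine similarity, producing the vectors a classifier would consume. The port set, the DNS rule, the peer threshold and the flow records are assumptions constructed for illustration, not the paper's parameters or data.

```python
from collections import defaultdict
from math import sqrt

# Constructed sample flows: (src, dst, dport, bytes, pkts). Not captured data.
FLOWS = [
    ("10.0.0.5", "93.184.216.34", 443, 5200, 12),   # web traffic on a well-known port
    ("10.0.0.5", "10.0.0.2", 53, 120, 2),           # DNS query
    ("10.0.0.5", "198.51.100.7", 6881, 310, 4),     # unresolved peer, P2P-like
    ("10.0.0.5", "198.51.100.8", 6881, 305, 4),
    ("10.0.0.5", "198.51.100.9", 6881, 320, 4),
    ("10.0.0.6", "203.0.113.4", 8080, 9000, 30),    # destination was a DNS answer
    ("10.0.0.6", "203.0.113.5", 50000, 400, 5),     # only one unresolved peer
    ("10.0.0.7", "198.51.100.20", 6881, 300, 4),
    ("10.0.0.7", "198.51.100.21", 6881, 315, 4),
    ("10.0.0.7", "198.51.100.22", 6881, 310, 4),
]
DNS_RESOLVED = {"93.184.216.34", "203.0.113.4"}  # constructed: IPs seen in DNS answers
WELL_KNOWN_PORTS = {25, 53, 80, 110, 143, 443}   # assumption: treated as non-P2P

def stage1_filter(flows, dns_resolved, min_peers=3):
    """Stage 1: well-known-port filter, DNS-query filter, then flow counting.
    A host that keeps fewer than min_peers distinct destinations is dropped,
    since P2P nodes talk to many peers whose addresses were never resolved."""
    kept = [f for f in flows
            if f[2] not in WELL_KNOWN_PORTS and f[1] not in dns_resolved]
    peers = defaultdict(set)
    for src, dst, *_ in kept:
        peers[src].add(dst)
    return [f for f in kept if len(peers[f[0]]) >= min_peers]

def conversation_features(flows):
    """Stage 2: per-host conversation vector (mean bytes, mean packets, peers)."""
    conv = defaultdict(list)
    for src, dst, _port, nbytes, pkts in flows:
        conv[src].append((dst, nbytes, pkts))
    feats = {}
    for src, items in conv.items():
        n = len(items)
        feats[src] = (sum(b for _, b, _ in items) / n,
                      sum(p for _, _, p in items) / n,
                      len({d for d, _, _ in items}))
    return feats

def cosine(a, b):
    """Flow similarity between two hosts' conversation vectors (1.0 = identical shape)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b)))
```

Hosts whose vectors are near-identical to each other and unlike ordinary P2P file-sharing clients are what the classifier in the second stage is trained to separate.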
