A Novel Botnet Detection System for P2P Networks

Botnets remain an active security problem on the Internet and in other computer networks, and they keep evolving in their protocols, structure and the quality of their attacks. Many botnet detection programs are available, but only a few can detect bots in real time; the sooner bots are detected, the less damage they can cause. In this paper, a novel botnet detection system is proposed to detect peer-to-peer (P2P) bots. The system consists of three phases: filtering, P2P detection and P2P botnet detection. In the third phase, P2P network behavior analysis is performed to detect P2P bots. Experimental results show that the system achieves a high average true positive rate and an extremely low average false positive rate during botnet detection.
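The three-phase pipeline the abstract describes, as an added illustration that is not the paper's own code: the abstract does not say which features each phase uses, so the thresholds and features below are assumptions drawn from common practice in P2P botnet detection (filtering out client/server traffic on well-known ports; P2P detection from the number of distinct peers and the share of unanswered connection attempts caused by peer churn; bot detection from the uniformity of flow sizes and inter-flow timing, which separates machine-driven C&C from human-driven file sharing). The flow records are constructed for the example.

```python
"""Three-phase P2P botnet detection over flow records (illustrative, not the paper's code)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    src: str        # internal host that initiated the flow
    dst: str        # remote peer or server
    dport: int      # destination port
    bytes: int      # bytes sent by src
    start: float    # flow start, seconds since capture start
    replied: bool   # False if the remote never answered (typical of P2P churn)


# Assumption: traffic to these ports is ordinary client/server traffic, not overlay traffic.
WELL_KNOWN_PORTS = {22, 25, 53, 80, 443}


def filter_flows(flows: List[Flow]) -> List[Flow]:
    """Phase 1 (filtering): drop flows that cannot belong to a P2P overlay."""
    return [f for f in flows if f.dport not in WELL_KNOWN_PORTS]


def group_by_host(flows: List[Flow]) -> Dict[str, List[Flow]]:
    by_host: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        by_host[f.src].append(f)
    return by_host


def detect_p2p_hosts(by_host: Dict[str, List[Flow]],
                     min_peers: int = 8, min_fail_ratio: float = 0.3) -> Dict[str, List[Flow]]:
    """Phase 2 (P2P detection): a host is P2P if it contacts many distinct peers and
    a large share of its attempts go unanswered (peers have churned away)."""
    p2p: Dict[str, List[Flow]] = {}
    for host, fl in by_host.items():
        peers = {f.dst for f in fl}
        fail_ratio = sum(not f.replied for f in fl) / len(fl)
        if len(peers) >= min_peers and fail_ratio >= min_fail_ratio:
            p2p[host] = fl
    return p2p


def cv(values: List[float]) -> float:
    """Coefficient of variation (population std dev / mean); 0 for a constant series."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def detect_p2p_bots(p2p_hosts: Dict[str, List[Flow]],
                    max_size_cv: float = 0.2, max_interval_cv: float = 0.2) -> Dict[str, dict]:
    """Phase 3 (P2P botnet detection): among P2P hosts, flag those whose answered flows
    are uniform in size and evenly spaced in time, i.e. machine-driven C&C behavior."""
    bots: Dict[str, dict] = {}
    for host, fl in p2p_hosts.items():
        answered = sorted((f for f in fl if f.replied), key=lambda f: f.start)
        if len(answered) < 3:          # too little evidence for a timing profile
            continue
        sizes = [f.bytes for f in answered]
        intervals = [b.start - a.start for a, b in zip(answered, answered[1:])]
        size_cv, interval_cv = cv(sizes), cv(intervals)
        if size_cv <= max_size_cv and interval_cv <= max_interval_cv:
            bots[host] = {"size_cv": round(size_cv, 3), "interval_cv": round(interval_cv, 3)}
    return bots


def run_pipeline(flows: List[Flow]) -> Tuple[List[str], Dict[str, dict]]:
    """Run all three phases; returns (P2P hosts, hosts flagged as P2P bots with their scores)."""
    p2p = detect_p2p_hosts(group_by_host(filter_flows(flows)))
    return sorted(p2p), detect_p2p_bots(p2p)


def sample_flows() -> List[Flow]:
    """Constructed capture: one P2P bot, one legitimate P2P client, one web client."""
    flows: List[Flow] = []
    # 10.0.0.5 (bot): 12 peers, 6 unanswered; 6 near-identical beacons every 60 s.
    beacon_sizes = [312, 312, 320, 312, 312, 320]
    for i, size in enumerate(beacon_sizes):
        flows.append(Flow("10.0.0.5", f"203.0.113.{i + 1}", 6881 + i, size, 60.0 * i, True))
    for i in range(6):
        flows.append(Flow("10.0.0.5", f"198.51.100.{i + 1}", 6881 + i, 60, 5.0 + 60.0 * i, False))
    # 10.0.0.7 (legitimate file sharing): 12 peers, 5 unanswered; bursty, varied transfers.
    sizes = [1500, 250000, 4200, 1800000, 9000, 64000, 350]
    starts = [0.0, 3.0, 45.0, 46.5, 120.0, 121.0, 400.0]
    for i, (size, t) in enumerate(zip(sizes, starts)):
        flows.append(Flow("10.0.0.7", f"192.0.2.{i + 1}", 51413, size, t, True))
    for i in range(5):
        flows.append(Flow("10.0.0.7", f"192.0.2.{i + 20}", 51413, 60, 10.0 * i, False))
    # 10.0.0.9 (web client): a few HTTPS sessions, all answered; removed in phase 1.
    for i in range(4):
        flows.append(Flow("10.0.0.9", f"93.184.216.{i + 1}", 443, 5000 + 900 * i, 30.0 * i, True))
    return flows


if __name__ == "__main__":
    p2p_hosts, bots = run_pipeline(sample_flows())
    print("P2P hosts:", p2p_hosts)
    print("P2P bots:", bots)
```

The ordering matters for false positives: phase 1 keeps the web client out of the per-host statistics entirely, and phase 3 only scores hosts that phase 2 already identified as P2P, so a host that is merely chatty on high ports is never judged on timing regularity alone.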
