Recognizing P2P Botnets Characteristic Through TCP Distinctive Behaviour

Botnets have been identified as one of the most significant emerging threats to Internet users. They have attracted much attention and pose a major threat to network security. Over the years a number of botnet variants have been introduced, and the most lethal of them are peer-to-peer (P2P) botnets, which are able to camouflage themselves as benign P2P applications. This evolution of botnet variants has made them harder to detect and shut down. Like any other network connection, P2P communication uses TCP to initialize the exchange between two parties. For this reason, this paper investigates the network traffic characteristics of normal P2P connections and of P2P botnets through the TCP connections initiated or received between a bot and its bot master. The proposed mechanism detects and classifies P2P botnet TCP connection behaviour and separates it from normal P2P network traffic. This can be used for early warning of P2P botnet activity in the network and as the basis for a prevention mechanism.
