Towards Accurate Node-Based Detection of P2P Botnets

Botnets are a serious security threat to the current Internet infrastructure. In this paper, we propose a novel direction for P2P botnet detection called node-based detection. This approach focuses on the network characteristics of individual nodes: based on our model, we examine each node's flows and extract useful features over a given time period. We have tested our approach on real-life data sets and achieved detection rates of 99–100% with false positive rates of 0–2%. Comparison with other similar approaches on the same data sets shows that our approach outperforms the existing ones.
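
To make the node-based idea concrete, the following is an added example, not code from the paper: it aggregates the flows each node initiated within a time window into per-node features, applies a classifier, and scores detection rate and false-positive rate. The feature set, the threshold rule standing in for a trained classifier, and the flow records are all assumptions constructed for this example; the paper's actual features and model are not given in the abstract.

```python
"""Node-based P2P botnet detection sketch: aggregate each node's flows over a time
window into per-node features, apply a classifier, and score detection rate and
false-positive rate. The feature set, the threshold rule and the flow records are
assumptions constructed for this example, not the paper's."""
from dataclasses import dataclass
from statistics import fmean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float     # flow start time in seconds
    src: str      # initiating node
    dst: str      # responder
    dport: int    # destination port
    proto: str    # "tcp" or "udp"
    pkts: int     # packets sent by src
    bytes: int    # bytes sent by src


def node_features(flows, node, t0, t1):
    """Per-node features for flows `node` initiated in [t0, t1); None if it had none."""
    own = [f for f in flows if f.src == node and t0 <= f.ts < t1]
    if not own:
        return None
    bpp = [f.bytes / f.pkts for f in own]
    return {
        "flows": len(own),
        "distinct_peers": len({f.dst for f in own}),
        "distinct_dports": len({f.dport for f in own}),
        "udp_ratio": sum(f.proto == "udp" for f in own) / len(own),
        "small_flow_ratio": sum(f.pkts <= 2 for f in own) / len(own),
        "mean_bytes_per_pkt": fmean(bpp),
        "std_bytes_per_pkt": pstdev(bpp),
    }


def is_bot(feat, min_peers=20, min_dports=10, min_small_ratio=0.5):
    """Assumed threshold rule standing in for a trained classifier: a P2P bot
    keeps many short, uniform flows to many peers on many ports. Any single
    feature misfires on its own (a DNS client also sends tiny UDP flows), so
    the rule conjoins several."""
    return (feat["distinct_peers"] >= min_peers
            and feat["distinct_dports"] >= min_dports
            and feat["small_flow_ratio"] >= min_small_ratio)


def classify_window(flows, t0, t1):
    """Map every node that initiated a flow in [t0, t1) to a bot/benign verdict."""
    verdicts = {}
    for node in sorted({f.src for f in flows}):
        feat = node_features(flows, node, t0, t1)
        if feat is not None:
            verdicts[node] = is_bot(feat)
    return verdicts


def evaluate(verdicts, truth):
    """Detection rate (TPR) and false-positive rate over labelled nodes; a node
    with no flows in the window counts as not flagged."""
    flagged = lambda n: verdicts.get(n, False)
    tp = sum(1 for n, bot in truth.items() if bot and flagged(n))
    fn = sum(1 for n, bot in truth.items() if bot and not flagged(n))
    fp = sum(1 for n, bot in truth.items() if not bot and flagged(n))
    tn = sum(1 for n, bot in truth.items() if not bot and not flagged(n))
    return {"detection_rate": tp / (tp + fn) if tp + fn else 0.0,
            "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0}


def constructed_flows():
    """Constructed sample traffic: one bot-like node and three benign nodes."""
    flows = []
    # 10.0.0.5: 40 tiny UDP keep-alives to 40 peers on 40 high ports (bot-like).
    for i in range(40):
        flows.append(Flow(10 + i, "10.0.0.5", f"203.0.113.{i + 1}", 20000 + i, "udp", 2, 120))
    # 10.0.0.7: HTTPS to three servers, long TCP transfers (benign).
    for i in range(12):
        flows.append(Flow(10 + 3 * i, "10.0.0.7", f"198.51.100.{i % 3 + 1}", 443, "tcp", 30 + i, 40000 + 500 * i))
    # 10.0.0.8: single-packet DNS queries to one resolver (benign, but tiny UDP).
    for i in range(5):
        flows.append(Flow(12 + 2 * i, "10.0.0.8", "192.0.2.53", 53, "udp", 1, 70))
    # 10.0.0.9: only active after the window closes, so it yields no features.
    flows.append(Flow(100, "10.0.0.9", "198.51.100.9", 80, "tcp", 10, 5000))
    return flows


TRUTH = {"10.0.0.5": True, "10.0.0.7": False, "10.0.0.8": False, "10.0.0.9": False}

if __name__ == "__main__":
    verdicts = classify_window(constructed_flows(), 0, 60)
    print(verdicts)
    print(evaluate(verdicts, TRUTH))
```

The window boundaries matter in practice: a bot that is idle during the observation period produces no features and is silently counted as benign, which is why the scoring treats absent nodes explicitly rather than dropping them from the denominator.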