Building a Scalable System for Stealthy P2P-Botnet Detection

Author

Junjie Zhang ; Perdisci, Roberto ; Wenke Lee ; Xiapu Luo ; Sarfraz, Unum

Author_Institution

Dept. of Comput. Sci. & Eng., Wright State Univ., Dayton, OH, USA

Volume

9

Issue

1

fYear

2014

fDate

Jan. 2014

Firstpage

27

Lastpage

38

Abstract

Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency against take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In addition, the rapidly growing volume of network traffic calls for high scalability of detection systems. In this paper, we propose a novel scalable botnet detection system capable of detecting stealthy P2P botnets. Our system first identifies all hosts that are likely engaged in P2P communications. It then derives statistical fingerprints to profile P2P traffic and further distinguish between P2P botnet traffic and legitimate P2P traffic. The parallelized computation with bounded complexity makes scalability a built-in feature of our system. Extensive evaluation has demonstrated both high detection accuracy and great scalability of the proposed system.

Keywords

computer network security; peer-to-peer computing; telecommunication traffic; P2P botnet traffic; P2P communications; detection systems; malicious activities; network traffic; peer-to-peer botnets; scalable system; statistical fingerprints; stealthy P2P botnet detection; Educational institutions; Electronic mail; Feature extraction; Monitoring; Overlay networks; Peer-to-peer computing; Scalability; Botnet; P2P; intrusion detection; network security;

fLanguage

English

Journal_Title

Information Forensics and Security, IEEE Transactions on

Publisher

ieee

ISSN

1556-6013

Type

jour

DOI

10.1109/TIFS.2013.2290197

Filename

6661360