DocumentCode :
2351757
Title :
P2P Botnet Detection through Malicious Fast Flux Network Identification
Author :
Zhao, David ; Traore, Issa
Author_Institution :
Dept. of Electr. & Comput. Eng., Univ. of Victoria, Victoria, BC, Canada
fYear :
2012
fDate :
12-14 Nov. 2012
Firstpage :
170
Lastpage :
175
Abstract :
A recent development in botnet technology is the adoption of P2P architecture as a way to improve botnet resilience to disruption compared to the centralized architecture used by early botnets. Furthermore, in order to increase stealth and evade detection, many P2P botnets, such as Storm, are employing fast flux service networks (FFSNs). In this paper, we propose a new P2P botnet detection approach by identifying malicious FFSNs. We define and compute a number of metrics from captured network flows, which are analyzed using machine learning classification. For the proposed approach, we show experimentally that the presence of botnets may be detected with high accuracy, and we identify its potential limitations.
Keywords :
invasive software; learning (artificial intelligence); pattern classification; peer-to-peer computing; P2P architecture; P2P botnet detection; botnet resilience; botnet technology; centralized architecture; detection evasion; disruption resilience; fast flux service network; machine learning classification; malicious FFSN identification; malicious fast flux network identification; network flow; stealth; storm; Accuracy; Detectors; IP networks; Monitoring; Servers; Velocity measurement; Fast Flux Networks; Network Flows; P2P Botnet Detection; Traffic Behavior Analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2012 Seventh International Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4673-2991-0
Type :
conf
DOI :
10.1109/3PGCIC.2012.48
Filename :
6362965