Application Entropy Theory to Detect New Peer-to-Peer Botnet with Multi-chart CUSUM

Author

Kang, Jian ; Zhang, Jun-Yao

Author_Institution

Dept. of Comput. Sci. & Technol., Jilin Univ., Changchun, China

Volume

1

fYear

2009

fDate

22-24 May 2009

Firstpage

470

Lastpage

474

Abstract

Botnets have been recognized as one of the most important threats to the security of the Internet. They engage in distributed denial of service (DDOS) attacks, email spamming and other malicious activities likewise. As evolving new features such as decentralized architecture, using P2P networks and etc, new peer-to-peer(P2P) botnets could no longer be indicated effectively and accurately by using the traditional detection methods. And we believe that adopting more sophisticated methods from being detected would be the very trend of future botnet development. Thus, in this paper, based on several of the new P2P botnet characteristic properties, we propose a novel detecting method applying the information entropy theory in the detection multi-chart CUSUM. With verification of experiments, it successfully detects the botnet with a relatively high precision.

Keywords

Internet; entropy; peer-to-peer computing; security of data; software agents; Internet security; application entropy theory; decentralized architecture; distributed denial of service attacks; email spamming; malicious activities; multichart CUSUM; peer-to-peer botnet detection; Application software; Computer security; Electronic commerce; Information entropy; Internet; Network servers; Peer to peer computing; Storms; Testing; Web server; Detection; Information Entropy; Multi-chart CUSUM; P2P Botnet; Storm;

fLanguage

English

Publisher

ieee

Conference_Titel

Electronic Commerce and Security, 2009. ISECS '09. Second International Symposium on

Conference_Location

Nanchang

Print_ISBN

978-0-7695-3643-9

Type

conf

DOI

10.1109/ISECS.2009.61

Filename

5209713