Title :
Detecting New P2P Botnet with Multi-chart CUSUM
Author :
Kang, Jian ; Zhang, Jun-Yao ; Li, Qiang ; Li, Zhuo
Author_Institution :
Dept. of Comput. Sci. & Technol., Jilin Univ., Changchun
Abstract :
Botnets have been recognized as one of the most important threats to Internet security. They are engaged in DDoS attacks, email spamming and other malicious activities. Traditional botnets are usually organized in a hierarchical architecture, which offers professionals opportunities to detect or defend against the botnets at their servers. However, newly appeared P2P botnets, such as the Storm botnet, exhibit a decentralized structure, which makes detection and mitigation difficult. We believe that this is the trend of future botnet development: adopting more sophisticated methods to avoid being detected. Thus, in this paper, we analyze the basic principles and mechanism of this decentralized P2P botnet, and present a novel detection method using multi-chart CUSUM.
Keywords :
Internet; invasive software; unsolicited e-mail; DDOS attacks; Internet security; Storm botnet; decentralized P2P botnet; email spamming; malicious activities; multi-chart CUSUM; Computer networks; Computer science; Computer security; IP networks; Internet; Network servers; Storms; Testing; Web server; Wireless communication; Detection; Multi-chart CUSUM; P2P Botnet; Storm;
Conference_Title :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.107