Title :
PeerFox: Detecting parasite P2P botnets in their waiting stage
Author :
Priyanka; Mayank Dave
Author_Institution :
Dept. of Comput. Eng., NIT Kurukshetra, Kurukshetra, India
Abstract :
Peer-to-Peer (P2P) botnets have emerged as a significant threat to network security because of their distributed platform. The decentralized nature of these botnets makes their detection very challenging, and the situation is aggravated if an existing P2P network is exploited for botnet creation (parasite botnets). In this paper, we present a two-tier detection scheme to detect parasite P2P botnets. Our approach detects botnets in their waiting stage itself, without requiring any seed information about bots or bots' signatures. We consider two basic behaviors of botnets for detection: (i) long-living peers and (ii) the intensity of search requests. The approach is able to detect bots from a monitored network with accuracy above 99% while addressing several shortcomings of previous detection approaches.
Keywords :
"Storms","Protocols","Peer-to-peer computing","Security","Focusing","Computers","Internet"
Conference_Title :
Signal Processing, Computing and Control (ISPCC), 2015 International Conference on
DOI :
10.1109/ISPCC.2015.7375054