Role of handshaking packets in improving peer to peer BotNet detection

BotNet is a network based attack that has emerged as a serious threat to Internet community and has been a common weapon for committing cybercrimes such as spam generation, stealing sensitive information, click fraud and DDOS attacks. Botnet is a network of hosts remotely controlled and coordinated under a common command and control infrastructure. P2P BotNets represent a recent and most challenging class of BotNets currently available which are hard to detect due to their decentralized architecture. A P2P botnet detection technique based on network behavior analysis has been proposed in this work. We have aggregated features from the most popular prior works based on network behavior analysis and augmented them with a new set of features which are particularly emphasizing on control packets. We study the behavior of these control packets particularly the handshaking signals exchanged in botnet traffic with respect to normal traffic. Results and analysis clearly show that proposed control packets based features play a major role in botnet detection. Further, to decide how many handshaking packets are to be considered, we perform correlation analysis and results for the same are also mentioned.