Title :
P2P Botnet Detection Based on Irregular Phased Similarity
Author :
Huabo Li ; Guyu Hu ; Jian Yuan ; Haiguang Lai
Author_Institution :
Inst. of Command Autom., PLAUST, Nanjing, China
Abstract :
Botnets provide a botmaster infrastructure of management and use of cyber attack capabilities and have become one of the most significant threats to the Internet. The emergence of P2P botnets, which are more stealthy, robust and hazardous, has posed great challenges to botnet detection researches. The paper proposes a novel common P2P botnet detection approach that is able to identify unknown P2P botnets, even in the case that the target network had only a single bot. The traffic generated by a P2P bot has phased similar patterns, which occur at irregular intervals. This feature is called Irregular Phased Similarity (IPS) in the paper. The proposed approach detects P2P bots by identifying IPS characteristic. The experimental evaluation shows the efficiency of the approach on detecting the Storm and Waledac botnets.
Keywords :
Internet; computer network security; peer-to-peer computing; IPS; Internet; P2P botnet detection; botmaster infrastructure; cyber attack capabilities; irregular phased similarity; storm botnets; waledac botnets; Automation; Filtering; IP networks; Internet; Robustness; Storms; Telecommunication traffic; P2P; botnet; detection;
Conference_Titel :
Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2012 Second International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4673-5034-1
DOI :
10.1109/IMCCC.2012.25
