• DocumentCode
    592908
  • Title

    P2P Botnet Detection Based on Irregular Phased Similarity

  • Author

    Huabo Li ; Guyu Hu ; Jian Yuan ; Haiguang Lai

  • Author_Institution
    Inst. of Command Autom., PLAUST, Nanjing, China
  • fYear
    2012
  • fDate
    8-10 Dec. 2012
  • Firstpage
    79
  • Lastpage
    82
  • Abstract
    Botnets provide a botmaster infrastructure of management and use of cyber attack capabilities and have become one of the most significant threats to the Internet. The emergence of P2P botnets, which are more stealthy, robust and hazardous, has posed great challenges to botnet detection researches. The paper proposes a novel common P2P botnet detection approach that is able to identify unknown P2P botnets, even in the case that the target network had only a single bot. The traffic generated by a P2P bot has phased similar patterns, which occur at irregular intervals. This feature is called Irregular Phased Similarity (IPS) in the paper. The proposed approach detects P2P bots by identifying IPS characteristic. The experimental evaluation shows the efficiency of the approach on detecting the Storm and Waledac botnets.
  • Keywords
    Internet; computer network security; peer-to-peer computing; IPS; Internet; P2P botnet detection; botmaster infrastructure; cyber attack capabilities; irregular phased similarity; storm botnets; waledac botnets; Automation; Filtering; IP networks; Internet; Robustness; Storms; Telecommunication traffic; P2P; botnet; detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2012 Second International Conference on
  • Conference_Location
    Harbin
  • Print_ISBN
    978-1-4673-5034-1
  • Type

    conf

  • DOI
    10.1109/IMCCC.2012.25
  • Filename
    6428857
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=592908