DocumentCode
154246
Title
PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations
Author
Narang, Pratik ; Ray, Subhajit ; Hota, Chittaranjan ; Venkatakrishnan, Venkat
Author_Institution
Dept. of Comput. Sci. & Inf. Syst., Birla Inst. of Technol. & Sci.-Pilani, Hyderabad, India
fYear
2014
fDate
17-18 May 2014
Firstpage
108
Lastpage
115
Abstract
The decentralized nature of Peer-to-Peer (P2P) botnets makes them difficult to detect. Their distributed nature also exhibits resilience against take-down attempts. Moreover, smarter bots are stealthy in their communication patterns, and elude the standard discovery techniques which look for anomalous network or communication behavior. In this paper, we propose PeerShark, a novel methodology to detect P2P botnet traffic and differentiate it from benign P2P traffic in a network. Instead of the traditional 5-tuple 'flow-based' detection approach, we use a 2-tuple 'conversation-based' approach which is port-oblivious, protocol-oblivious and does not require Deep Packet Inspection. PeerShark could also classify different P2P applications with an accuracy of more than 95%.
Keywords
computer network security; invasive software; peer-to-peer computing; telecommunication traffic; 2-tuple conversation-based approach; P2P applications; P2P botnet traffic; PeerShark; anomalous network; communication behavior; communication patterns; conversations tracking; flow-based detection; peer-to-peer botnets detection; port-oblivious; protocol-oblivious; standard discovery techniques; Electronic mail; Feature extraction; Firewalls (computing); IP networks; Internet; Peer-to-peer computing; Ports (Computers); botnet; machine learning; peer-to-peer;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy Workshops (SPW), 2014 IEEE
Conference_Location
San Jose, CA
Type
conf
DOI
10.1109/SPW.2014.25
Filename
6957293