The Aggregation and Stability Analysis of Network Traffic for Structured-P2P-based Botnet Detection
Journal Title Journal of Networks
Journal Abbreviation jnw
Publisher Group Academy Publisher
Website http://ojs.academypublisher.com
Title The Aggregation and Stability Analysis of Network Traffic for Structured-P2P-based Botnet Detection
Authors Liu, Feng; Wang, Binbin; Chen, Hao; Li, Dong; Li, Zhitang; Hu, ZhengBin
Abstract Nowadays, botnets use peer-to-peer (P2P) networks for command and control (C&C) infrastructure. In contrast to traditional centrally organized botnets, there is no central point of failure for structured-P2P-based botnets, which makes the botnets more concealable and robust and consequently degrades botnet detection efficiency. In this work, an efficient structured-P2P-based botnet detection strategy through the aggregation and stability analysis of network traffic is proposed. Considering that the flows related to a structured-P2P-based bot exhibit stability in a statistical sense, due to the bot's impartial position in the botnet and its automatic performance of pre-programmed control activities, we develop a stability detection subsystem to differentiate regular clients from bots. However, there may exist a large quantity of flows in the supervised network, which makes botnet detection rather inefficient. Thus, a small flow-aggregation extraction subsystem is further developed to exclude a majority of flows unlikely to be C&C communication of structured-P2P-based bots ahead of stability detection. Extensive experimental results show the proposed approach is very efficient and can detect structured-P2P-based botnets with a low false positive ratio.
Publisher ACADEMY PUBLISHER
Date 2010-05-01
Source Journal of Networks Vol 5, No 5 (2010)
Rights Copyright © ACADEMY PUBLISHER - All Rights Reserved. To request permission, please check out URL: http://www.academypublisher.com/copyrightpermission.html.

 
