Building a scalable system for stealthy P2P-botnet detection

Junjie Zhang, Roberto Perdisci, Wenke Lee, Xiapu Luo, Unum Sarfraz

Research output: Journal article (academic research, peer-reviewed)

64 Citations (Scopus)

Abstract

Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency against take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In addition, the rapidly growing volume of network traffic calls for high scalability of detection systems. In this paper, we propose a novel scalable botnet detection system capable of detecting stealthy P2P botnets. Our system first identifies all hosts that are likely engaged in P2P communications. It then derives statistical fingerprints to profile P2P traffic and further distinguish between P2P botnet traffic and legitimate P2P traffic. The parallelized computation with bounded complexity makes scalability a built-in feature of our system. Extensive evaluation has demonstrated both high detection accuracy and great scalability of the proposed system.
Original language: English
Article number: 6661360
Pages (from-to): 27-38
Number of pages: 12
Journal: IEEE Transactions on Information Forensics and Security
Volume: 9
Issue number: 1
Publication status: Published - 1 Jan 2014

Keywords

  • Botnet
  • intrusion detection
  • network security
  • P2P

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
