Abstract
Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency against take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In addition, the rapidly growing volume of network traffic calls for high scalability of detection systems. In this paper, we propose a novel scalable botnet detection system capable of detecting stealthy P2P botnets. Our system first identifies all hosts that are likely engaged in P2P communications. It then derives statistical fingerprints to profile P2P traffic and further distinguish between P2P botnet traffic and legitimate P2P traffic. The parallelized computation with bounded complexity makes scalability a built-in feature of our system. Extensive evaluation has demonstrated both high detection accuracy and great scalability of the proposed system.
| Original language | English |
|---|---|
| Article number | 6661360 |
| Pages (from-to) | 27-38 |
| Number of pages | 12 |
| Journal | IEEE Transactions on Information Forensics and Security |
| Volume | 9 |
| Issue number | 1 |
| DOIs | |
| Publication status | Published - 1 Jan 2014 |
Keywords
- Botnet
- intrusion detection
- network security
- P2P
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications