Identifying Peer-to-Peer Botnets Through Periodicity Behavior Analysis
Title | Identifying Peer-to-Peer Botnets Through Periodicity Behavior Analysis |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Wang, Pengfei; Wang, Fengyu; Lin, Fengbo; Cao, Zhenzhong |
Conference Name | 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) |
Publisher | IEEE |
ISBN Number | 978-1-5386-4388-4 |
Keywords | Botnet, Botnet detection, computer network security, Conferences, feature extraction, Human Behavior, human factor, human factors, invasive software, IP addresses, IP networks, Metrics, Monitoring, Network security, P2P botnet, P2P bots, P2P communications, P2P hosts, peer to peer security, peer-to-peer botnets, Peer-to-peer computing, PeerGrep, periodicity behavior, Periodicity Behavior Analysis, pubcrawl, resilience, Resiliency, Scalability, security, Spark |
Abstract | Peer-to-Peer botnets have become one of the significant threats against network security due to their distributed properties. The decentralized nature makes their detection challenging. It is important to take measures to detect bots as soon as possible to minimize their harm. In this paper, we propose PeerGrep, a novel system capable of identifying P2P bots. PeerGrep starts from identifying hosts that are likely engaged in P2P communications, and then distinguishes P2P bots from P2P hosts by analyzing their active ratio, packet size and the periodicity of connection to destination IP addresses. The evaluation shows that PeerGrep can identify all P2P bots with quite low FPR even if the malicious P2P application and benign P2P application coexist within the same host or there is only one bot in the monitored network. |
URL | https://ieeexplore.ieee.org/document/8455919 |
DOI | 10.1109/TrustCom/BigDataSE.2018.00051 |
Citation Key | wang_identifying_2018 |