A Hybrid Technique To Detect Botnets, Based on P2P Traffic Similarity

Title: A Hybrid Technique To Detect Botnets, Based on P2P Traffic Similarity
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Khan, Riaz Ullah; Kumar, Rajesh; Alazab, Mamoun; Zhang, Xiaosong
Conference Name: 2019 Cybersecurity and Cyberforensics Conference (CCC)
Date Published: May
Keywords: anomaly detection, Botnet, Botnet detection, Classification algorithms, Computer crime, computer network security, conversation features, data flow features, DNS query, feature extraction, flow counting, flow similarity, human factors, hybrid technique, hypermedia, invasive software, IP networks, learning (artificial intelligence), machine learning algorithms, machine learning classifiers, machine learning techniques, malicious services, Metrics, multiple malicious codes, Network security, network traffic, non-P2P traffic filtering mechanism, P2P botnet traffic detection, P2P traffic identification, P2P traffic similarity, pattern classification, peer to peer security, peer-to-peer botnets, Peer-to-peer computing, phishing links, Protocols, pubcrawl, Resiliency, Scalability, telecommunication traffic, transport protocols, two-stage detection method, two-stage traffic classification method
Abstract: Botnets have been one of the most common threats to network security, since they make use of multiple kinds of malicious code such as worms, Trojans and rootkits. They are used to launch attacks, send phishing links and/or provide malicious services. Peer-to-peer (P2P) botnets are harder to detect than IRC (Internet Relay Chat), HTTP (HyperText Transfer Protocol) and other types of botnets because they combine features of both centralized and distributed architectures. To address this, we propose a two-stage traffic classification method that detects P2P botnet traffic by combining a non-P2P traffic filtering mechanism with machine learning on conversation features. In the first stage, we filter out non-P2P packets, reducing the volume of traffic to be analysed, using well-known ports, DNS queries and flow counting. In the second stage, we extract conversation features from data-flow features and flow similarity, and detect P2P botnets with machine learning classifiers. Experimental evaluation shows that the two-stage detection method achieves higher accuracy than traditional P2P botnet detection methods.
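The two stages described in the abstract, as an added illustrative example written for this record and not the authors' code: stage 1 drops flows on well-known ports, flows to destinations that appeared in a DNS answer, and hosts that reach too few peers (flow counting); stage 2 builds per-host conversation features, including a flow-similarity score, and classifies them. The port list, the MIN_PEERS threshold, the feature set, the nearest-centroid classifier (standing in for the paper's machine learning classifiers) and all flow records are assumptions constructed for the example.

```python
"""Two-stage P2P botnet detection sketch (illustrative; not the paper's code).

Stage 1: filter non-P2P traffic (well-known ports, DNS-resolved destinations,
per-host flow counting). Stage 2: per-host conversation features with a
flow-similarity score, classified by a nearest-centroid model. All thresholds,
features and sample data below are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    packets: int
    size: int        # bytes
    duration: float  # seconds


WELL_KNOWN_PORTS = {21, 22, 25, 53, 80, 110, 143, 443, 993, 995}  # assumed list
MIN_PEERS = 3  # flow counting: a P2P node talks to several distinct peers (assumed)


def stage1_filter(flows, dns_resolved):
    """Drop flows unlikely to be P2P: well-known ports (client/server protocols),
    destinations learned via DNS (P2P peers are usually contacted by raw IP),
    then hosts that still reach fewer than MIN_PEERS distinct peers."""
    kept = [f for f in flows
            if f.dport not in WELL_KNOWN_PORTS and f.dst not in dns_resolved]
    peers = defaultdict(set)
    for f in kept:
        peers[f.src].add(f.dst)
    return [f for f in kept if len(peers[f.src]) >= MIN_PEERS]


def conversation_features(flows):
    """Per source host: (peers, flows, mean bytes, mean duration, similarity).
    similarity = 1 - coefficient of variation of bytes per flow: flows emitted by
    identical bot code look alike (near 1), human-driven P2P varies (near 0)."""
    by_host = defaultdict(list)
    for f in flows:
        by_host[f.src].append(f)
    feats = {}
    for host, hf in by_host.items():
        sizes = [f.size for f in hf]
        cv = pstdev(sizes) / mean(sizes) if mean(sizes) else 0.0
        feats[host] = (len({f.dst for f in hf}), len(hf), mean(sizes),
                       mean([f.duration for f in hf]), max(0.0, 1.0 - cv))
    return feats


def train_centroids(samples):
    """Min-max scale on the training set and build one centroid per label."""
    dims = len(samples[0][0])
    lo = [min(s[0][i] for s in samples) for i in range(dims)]
    hi = [max(s[0][i] for s in samples) for i in range(dims)]

    def scale(v):
        return [(v[i] - lo[i]) / (hi[i] - lo[i]) if hi[i] > lo[i] else 0.0
                for i in range(dims)]

    centroids = {}
    for label in sorted({s[1] for s in samples}):
        rows = [scale(s[0]) for s in samples if s[1] == label]
        centroids[label] = [mean(col) for col in zip(*rows)]
    return scale, centroids


def classify(scale, centroids, features):
    x = scale(features)
    return min(centroids, key=lambda lab: sum((a - b) ** 2 for a, b in zip(x, centroids[lab])))


def detect(flows, dns_resolved, training):
    """Run both stages; returns {host: label} for hosts surviving stage 1."""
    scale, centroids = train_centroids(training)
    feats = conversation_features(stage1_filter(flows, dns_resolved))
    return {h: classify(scale, centroids, v) for h, v in feats.items()}


# Constructed training set: (peers, flows, mean bytes, mean duration, similarity).
TRAINING = [((4, 8, 300, 0.5, 0.95), "bot"), ((6, 12, 280, 0.4, 0.9), "bot"),
            ((4, 4, 50000, 30.0, 0.3), "benign"), ((7, 7, 80000, 45.0, 0.2), "benign")]

# Constructed flow capture (not real traffic).
DNS_RESOLVED = {"93.184.216.34"}  # destination seen in a DNS answer
SAMPLE_FLOWS = (
    # 10.0.0.5: four unresolved peers, two near-identical small flows each (bot-like)
    [Flow("10.0.0.5", f"198.51.100.{i}", 41000 + i, 4, b, 0.5)
     for i in range(1, 5) for b in (300, 310)]
    # 10.0.0.7: HTTPS to a DNS-resolved server; removed by stage 1
    + [Flow("10.0.0.7", "93.184.216.34", 443, 20, 15000, 2.0)]
    # 10.0.0.9: four unresolved peers, highly variable transfers (file sharing)
    + [Flow("10.0.0.9", f"203.0.113.{i}", 50000 + i, p, b, d)
       for i, (p, b, d) in enumerate([(30, 20000, 10.0), (100, 90000, 60.0),
                                      (8, 5000, 3.0), (200, 150000, 120.0)], 1)]
    # 10.0.0.11: a single unresolved peer; removed by flow counting
    + [Flow("10.0.0.11", "198.51.100.9", 42000, 4, 300, 0.5)]
)

if __name__ == "__main__":
    for host, label in detect(SAMPLE_FLOWS, DNS_RESOLVED, TRAINING).items():
        print(host, label)
```

The DNS rule is the one a practitioner should treat with care: a bot that resolves its peers through DNS (or a benign P2P client that contacts a tracker by IP) will be misfiled by stage 1, so in deployment the filter thresholds should be tuned on labelled traffic rather than taken from this sketch.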
DOI: 10.1109/CCC.2019.00008
Citation Key: khan_hybrid_2019