Visible to the public A Two-stage P2P Botnet Detection Method Based on Statistical Features

Submitted by grigby1 on Tue, 03/09/2021 - 2:25pm
TitleA Two-stage P2P Botnet Detection Method Based on Statistical Features
Publication TypeConference Paper
Year of Publication2020
AuthorsZhou, B., He, J., Tan, M.
Conference Name2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS)
Date PublishedOct. 2020
PublisherIEEE
ISBN Number978-1-7281-6579-0
Keywordsbenign P2P hosts, Botnet, botnets, composability, computer network security, detection, feature extraction, invasive software, machine learning, Metrics, Monitoring, Network security, P2P, Payloads, Peer-to-peer computing, pubcrawl, Real-time Systems, resilience, Resiliency, software engineering, statistical analysis, statistical feature, telecommunication traffic, traffic statistical features, two-stage P2P botnet detection method, unsolicited e-mail
Abstract

P2P botnet has become one of the most serious threats to today's network security. It can be used to launch kinds of malicious activities, ranging from spamming to distributed denial of service attack. However, the detection of P2P botnet is always challenging because of its decentralized architecture. In this paper, we propose a two-stage P2P botnet detection method which only relies on several traffic statistical features. This method first detects P2P hosts based on three statistical features, and then distinguishes P2P bots from benign P2P hosts by means of another two statistical features. Experimental evaluations on real-world traffic datasets shows that our method is able to detect hidden P2P bots with a detection accuracy of 99.7% and a false positive rate of only 0.3% within 5 minutes.
URLhttps://ieeexplore.ieee.org/document/9237706
DOI10.1109/ICSESS49938.2020.9237706
Citation Keyzhou_two-stage_2020
Groups: