Published in: Peer-to-Peer Networking and Applications 4/2014

01.12.2014

A novel method of mining network flow to detect P2P botnets

Authors: Shu-Chiung Lin, Patrick S. Chen, Chia-Ching Chang


Abstract

Botnets are a serious threat to cyber-security, and botnet detection has therefore become an important research topic in network protection and cyber-crime prevention. P2P botnets are among the most dangerous zombie networks because their architecture imitates legitimate P2P software. Their characteristics include (1) the use of multiple controllers to avoid a single point of failure; (2) the use of encryption to evade misuse (signature-based) detection; and (3) the ability to evade anomaly detection, usually by initiating numerous sessions without consuming substantial bandwidth. To overcome these difficulties, we propose a novel data mining method. First, we identify the differences between P2P botnet behavior and normal network behavior. Then we use these differences to tune the data-mining parameters that cluster network flows, separating normal Internet behavior from traffic in which P2P botnets are lurking. The method identifies a P2P botnet without breaking its encryption. Furthermore, the detection system can be deployed without altering the existing network architecture, and it can detect the presence of botnets in a complex traffic mix before they attack. The experimental results show that the method is effective in recognizing the presence of botnets. The results of this study should therefore be of value to information security academics and practitioners.
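The approach the abstract describes, per-host features taken from flow records (so no payload and no decryption is needed) and a clustering step tuned so that the "numerous sessions, little bandwidth" pattern separates from everything else, as an added illustration in Python. This is not the authors' code: the paper's actual feature set, clustering parameters and traffic data are not on this page, so the three features, the SMALL_FLOW_BYTES threshold, the two-cluster k-means and every sample flow below are constructed assumptions chosen for the example. Standard library only.

```python
from __future__ import annotations

import math
from collections import defaultdict
from dataclasses import dataclass

# Assumed threshold: flows below this size are counted as "keep-alive sized".
# Chosen for this illustration; it is not a value taken from the paper.
SMALL_FLOW_BYTES = 600


@dataclass(frozen=True)
class Flow:
    """One flow record in the spirit of a NetFlow/IPFIX export (constructed)."""
    src: str
    dst: str
    dport: int
    proto: str
    packets: int
    bytes: int


def constructed_flows() -> list[Flow]:
    """Constructed sample traffic: two normal desktops, one legitimate P2P file
    sharer, and two hosts showing the P2P-bot pattern (many peers, tiny flows)."""
    flows: list[Flow] = []
    # 10.0.0.5: web client, few peers, large transfers.
    for i, b in enumerate([48_000, 120_000, 9_500, 310_000, 22_000, 75_000]):
        flows.append(Flow("10.0.0.5", f"93.184.216.{i % 3 + 1}", 443, "tcp", b // 1200 + 2, b))
    # 10.0.0.3: DNS to a single resolver plus web browsing.  The DNS flows are
    # tiny, but they all go to one peer, so the peer count stays low.
    for b in (180, 210, 240):
        flows.append(Flow("10.0.0.3", "203.0.113.53", 53, "udp", 2, b))
    for i, b in enumerate([35_000, 64_000, 150_000, 12_000, 90_000]):
        flows.append(Flow("10.0.0.3", f"203.0.113.{i % 3 + 1}", 443, "tcp", b // 1200 + 2, b))
    # 10.0.0.7: legitimate P2P file sharing.  Many peers, but each flow moves
    # a lot of data, which is what separates it from the bot pattern below.
    for i in range(40):
        flows.append(Flow("10.0.0.7", f"198.51.100.{i + 1}", 6881, "tcp", 600 + i, 700_000 + 5_000 * i))
    # 10.0.0.9 and 10.0.0.11: many distinct peers, two-packet flows of nearly
    # constant size: the "numerous sessions, little bandwidth" signature.
    for i in range(60):
        flows.append(Flow("10.0.0.9", f"192.0.2.{i + 1}", 16471, "udp", 2, 180 + (i % 3) * 20))
    for i in range(55):
        flows.append(Flow("10.0.0.11", f"198.18.1.{i + 1}", 16471, "udp", 2, 190 + (i % 2) * 30))
    return flows


def host_features(flows: list[Flow]) -> dict[str, tuple[float, float, float]]:
    """Per source host: (log10 distinct peers, log10 mean bytes per flow,
    fraction of flows below SMALL_FLOW_BYTES).  Nothing here reads payload."""
    by_src: dict[str, list[Flow]] = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    feats = {}
    for src, fl in by_src.items():
        peers = len({f.dst for f in fl})
        mean_bytes = sum(f.bytes for f in fl) / len(fl)
        small_ratio = sum(1 for f in fl if f.bytes < SMALL_FLOW_BYTES) / len(fl)
        feats[src] = (math.log10(peers), math.log10(mean_bytes), small_ratio)
    return feats


def normalise(feats: dict[str, tuple]) -> dict[str, tuple]:
    """Min-max scale each feature to [0, 1] so no single one dominates the distance."""
    hosts = sorted(feats)
    dims = len(feats[hosts[0]])
    lo = [min(feats[h][d] for h in hosts) for d in range(dims)]
    hi = [max(feats[h][d] for h in hosts) for d in range(dims)]
    return {h: tuple((feats[h][d] - lo[d]) / (hi[d] - lo[d]) if hi[d] > lo[d] else 0.0
                     for d in range(dims)) for h in hosts}


def _dist(a: tuple, b: tuple) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points: dict[str, tuple], k: int = 2, rounds: int = 100):
    """Plain k-means with deterministic farthest-first seeding, so runs are reproducible."""
    hosts = sorted(points)
    centroids = [points[hosts[0]]]
    while len(centroids) < k:
        far = max(hosts, key=lambda h: min(_dist(points[h], c) for c in centroids))
        centroids.append(points[far])
    labels: dict[str, int] = {}
    for _ in range(rounds):
        labels = {h: min(range(k), key=lambda j: _dist(points[h], centroids[j])) for h in hosts}
        new = []
        for j in range(k):
            members = [points[h] for h in hosts if labels[h] == j]
            new.append(tuple(sum(p[d] for p in members) / len(members)
                             for d in range(len(centroids[j]))) if members else centroids[j])
        if new == centroids:
            break
        centroids = new
    return centroids, labels


def suspicious_hosts(flows: list[Flow]) -> list[str]:
    """Cluster hosts into two groups and return the group whose centroid looks
    most like a P2P botnet: many peers, small mean flow size, mostly tiny flows."""
    centroids, labels = kmeans(normalise(host_features(flows)), k=2)
    bot_cluster = max(range(len(centroids)),
                      key=lambda j: centroids[j][0] - centroids[j][1] + centroids[j][2])
    return sorted(h for h, j in labels.items() if j == bot_cluster)


if __name__ == "__main__":
    print(suspicious_hosts(constructed_flows()))  # ['10.0.0.11', '10.0.0.9']
```

Two points the sample is built to show. The legitimate file sharer (10.0.0.7) has as many peers as the bots, and only the bytes-per-flow feature keeps it out of the suspicious cluster; the DNS client (10.0.0.3) has tiny flows, and only the peer-count feature keeps it out. Dropping either feature merges a benign host into the bot cluster, which is the "tune the parameters to the differences" step in concrete form. On real NetFlow a fixed k of 2 and a single byte threshold are too crude, and a bot that pads its keep-alives or rotates through few peers per window will blur the separation, which is the evasion risk the abstract's third characteristic points at.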


Metadata
Title
A novel method of mining network flow to detect P2P botnets
Authors
Shu-Chiung Lin
Patrick S. Chen
Chia-Ching Chang
Publication date
01.12.2014
Publisher
Springer US
Published in
Peer-to-Peer Networking and Applications / Issue 4/2014
Print ISSN: 1936-6442
Electronic ISSN: 1936-6450
DOI
https://doi.org/10.1007/s12083-012-0195-x
