2019 | OriginalPaper | Book chapter

Detect Peer-to-Peer Botnet with Permutation Entropy and Adaptive Information Fusion

Authors: Yuanzhang Song, Junting He, Hongyu Li

Published in: Trusted Computing and Information Security

Publisher: Springer Singapore

Abstract

To improve detection accuracy, a novel peer-to-peer botnet detection method based on permutation entropy and an adaptive information fusion algorithm is proposed. Permutation entropy is used to characterize the complexity of network traffic; this measure does not vary with the structure of the peer-to-peer network, the peer-to-peer protocol or the attack type. A Kalman filter is used to detect abnormalities in the complexity measure. Furthermore, features of TCP packets are used to reduce the negative impact of web applications on botnet detection, especially web applications based on peer-to-peer protocols. To obtain a more accurate fusion result, an adaptive information fusion algorithm is proposed that fuses the above detection results into the final detection result; it combines Dempster-Shafer theory and Dezert-Smarandache theory, exploiting their strengths and overcoming their disadvantages. The experimental results show that the proposed method is able to detect peer-to-peer botnets with higher accuracy and stronger robustness.
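The first two stages named in the abstract, as an added example that is not the authors' code: normalized permutation entropy per sliding window of a traffic series, then a scalar Kalman filter that flags windows whose entropy departs from the tracked baseline. The order, window size, noise variances `q` and `r`, the 3-sigma threshold and the traffic counts are all assumptions constructed for illustration; the page gives none of the paper's parameters.

```python
import math
from collections import Counter

def permutation_entropy(series, order=3, delay=1):
    """Normalized Bandt-Pompe permutation entropy, in [0, 1]."""
    n = len(series) - (order - 1) * delay
    if order < 2 or delay < 1 or n < 1:
        raise ValueError("series too short for this order/delay")
    counts = Counter()
    for i in range(n):
        w = [series[i + j * delay] for j in range(order)]
        # Ordinal pattern: positions sorted by value, ties broken by position.
        counts[tuple(sorted(range(order), key=lambda k: (w[k], k)))] += 1
    h = sum((c / n) * math.log(n / c) for c in counts.values())
    return h / math.log(math.factorial(order))

def windowed_pe(series, window, step, order=3):
    """Permutation entropy of each sliding window over the traffic series."""
    return [permutation_entropy(series[s:s + window], order)
            for s in range(0, len(series) - window + 1, step)]

def kalman_anomalies(values, q=1e-5, r=1e-3, k_sigma=3.0):
    """Scalar random-walk Kalman filter; returns indices whose innovation
    exceeds k_sigma standard deviations. q, r, k_sigma are assumed values."""
    x, p, flagged = values[0], r, []
    for i, z in enumerate(values[1:], start=1):
        p_pred = p + q                 # predict (state modelled as constant)
        innov, s = z - x, p_pred + r   # innovation and its variance
        if innov * innov > k_sigma ** 2 * s:
            flagged.append(i)          # abnormal: keep it out of the baseline
            p = p_pred
            continue
        gain = p_pred / s              # update with the normal observation
        x, p = x + gain * innov, (1 - gain) * p_pred
    return flagged

# Constructed packets-per-interval counts: a repeating pattern, then an
# irregular stretch. Not real traffic.
REGULAR = [10, 12, 14, 16] * 30
IRREGULAR = [13, 29, 11, 22, 17, 31, 9, 25, 27, 12, 19, 8, 30, 15, 21, 10] * 3
SERIES = REGULAR + IRREGULAR

if __name__ == "__main__":
    pe = windowed_pe(SERIES, window=24, step=12)
    print([round(v, 3) for v in pe])
    print("abnormal windows:", kalman_anomalies(pe))
```

Flagged windows are excluded from the filter update, so a sustained change keeps being reported instead of being absorbed into the baseline.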

Metadata
Title
Detect Peer-to-Peer Botnet with Permutation Entropy and Adaptive Information Fusion
Authors
Yuanzhang Song
Junting He
Hongyu Li
Copyright year
2019
Publisher
Springer Singapore
DOI
https://doi.org/10.1007/978-981-13-5913-2_3