Top

Published in:

2019 | OriginalPaper | Chapter

Detect Peer-to-Peer Botnet with Permutation Entropy and Adaptive Information Fusion

Authors : Yuanzhang Song, Junting He, Hongyu Li

Published in: Trusted Computing and Information Security

Publisher: Springer Singapore

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Aim to improve the detection accuracy, a novel peer-to-peer botnet detection method based on permutation entropy and adaptive information fusion algorithm was proposed. Permutation entropy was utilized to characterize the complexity measure of network traffic, which did not vary with the structure of peer-to-peer network, peer-to-peer protocol and attack type. Kalman filter was utilized to detect the abnormalities of the complexity measure. Furthermore, the features of TCP packets were utilized to reduce the negative impact of web applications on botnet detection, especially the web applications that were based on peer-to-peer protocols. To get more accurate information fusion result, an adaptive information fusion algorithm was proposed to fuse the above detection results to get the final detection result, which combined Dempster-Shafer theory and Dezert-Smarandache theory by using their superiorities and overcoming their disadvantages. The experiment results show that the proposed method is able to detect peer-to-peer botnet with higher accuracy and stronger robustness.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Impossible Differential Cryptanalysis of SPECK

next chapter Research of Snort Rule Extension and APT Detection Based on APT Network Behavior Analysis

Porras, P., Saidi, H., Yegneswaran, V.: A multi-perspective analysis of the storm (Peacomm) Worm. Computer Science Laboratory, SRI International, CA (2007)

Wang, Z., Cai, Y.Y., Liu, L., et al.: Using coverage analysis to extract Botnet command-and-control protocol. J. Commun. 35(1), 156–166 (2014)

Yahyazadeh, M., Abadi, M.: BotGrab: a negative reputation system for Botnet detection. Comput. Electr. Eng. 41, 68–85 (2015)CrossRef

Wang, X., Yang, Q., Jin, X.: Periodic communication detection algorithm of Botnet based on quantum computing. Chin. J. Quant. Electron. 33(2), 182–187 (2016)

Chen, J., Cheng, X., Ruiying, D., et al.: BotGuard: lightweight real-time Botnet detection in software defined networks. Wuhan Univ. J. Nat. Sci. 22(2), 103–113 (2017)MathSciNetCrossRef

Karim, A., Salleh, R.B., Shiraz, M., et al.: Review: botnet detection techniques: review, future trends, and issues. J. Zhejiang Univ.-Sci. C (Comput. Electron.) 15(11), 943–983 (2014)CrossRef

Mahmoud, M., Nir, M., Matrawy, A.: A survey on botnet architectures, detection and defences. Int. J. Netw. Secur. 17(3), 272–289 (2015)

Li, K., Fang, B., Cui, X., et al.: Study of Botnets trends. J. Comput. Res. Dev. 53(10), 2189–2206 (2016)

Yan, R., Liu, Y., Gao, R.X.: Permutation entropy: a nonlinear statistical measure for status characterization of rotary machines. Mech. Syst. Sig. Process. 29(5), 474–484 (2012)CrossRef

10.

Cao, L.Y.: Practical method for determining the minimum embedding dimension of a scalar series. Phys. D Nonlinear Phenom. 110(1/2), 43–50 (1997)MATHCrossRef

11.

Wang, L., Wenqi, W., Wei, G., et al.: Online performance evaluation of RLG INS based on joint rotation and modulation. Opt. Precis. Eng. 26(3), 578–587 (2018)CrossRef

12.

Zongming Liu, Yu., Zhang, S.L., et al.: Closed-loop detection and pose optimization of non-cooperation rotating target. Opt. Precis. Eng. 25(4), 504–511 (2017)

13.

Cheng, L., Chen, J., Chen, M.: Fast acquisition of time optimal sliding model control technology for photoelectric tracking system. Opt. Precis. Eng. 25(1), 148–154 (2017)CrossRef

14.

Li, Z., Li, X., Liu, Q., et al.: Adaptive fast initial attitude estimation for inflight loitering munition. Opt. Precis. Eng. 25(2), 493–501 (2017)CrossRef

15.

Min, W., Shi, J., Han, Q., et al.: A distributed face recognition approach and performance optimization. Opt. Precis. Eng. 25(3), 780–785 (2017)

16.

Zhou, J., Chen, J., Li, Y., et al.: Research on target prediction algorithm of shipboard photoelectric tracking equipment. Opt. Precis. Eng. 25(2), 519–528 (2017)CrossRef

17.

Sen, S., Spatscheck, O., Wang, D.: Accurate, scalable in-network identification of P2P traffic using application signatures. In: 13th International Conference on World Wide Web, pp. 512–521. ACM (2004)

18.

Kasera, S., Pinheiro, J., Loader, C.: Fast and robust signaling overload control. In: 9th International Conference on Network Protocols, pp. 323–331. IEEE, Riverside (2001)

19.

Yager, R.R., Liu, L.: Classic Works of the Dempster-Shafer Theory of Belief Functions. Springer, Berlin (2008). https://doi.org/10.1007/978-3-540-44792-4MATHCrossRef

20.

Mruphy, C.K.: Combing belief function when evidence conflicts. Decis. Support Syst. 29(1), 1–9 (2000)CrossRef

21.

Voorbraak, F.: On the justification of Dempster’s rule of combination. Artif. Intell. 48, 171–197 (1991)MathSciNetMATHCrossRef

22.

Zadeh, L.: A simple view of the Dempster-Shafer theory of evidence and its implication for the rule of combination. AI Mag. 7(2), 85–90 (1986)

23.

Mathon, B.R., Ozbek, M.M., Pinder, G.F.: Dempster-shafer theory applied to uncertainty surrounding permeability. Math. Geosci. 42, 293–307 (2010)MATHCrossRef

24.

Smarandache, F., Dezert, J.: Advances and Applications of DSmT for Information Fusion, vol. 2. American Research Press, Rehoboth (2006)MATH

25.

Detection of Peer-to-Peer Botnets. http://staff.science.uva.nl/~delaat/sne-2007-2008/p22/report.pdf. Accessed 13 Aug 2017

26.

Zhaoa, D., Traorea, I., Sayed, B., et al.: Botnet detection based on traffic behavior analysis and flow intervals. Comput. Secur. 39, 2–16 (2013)CrossRef

27.

Kang, J., Zhang, J.-Y., Li, Q., et al.: Detecting New P2P botnet with multi-chart CUSUM. In: International Conference on Networks Security, Wireless Communications and Trusted Computing, pp. 688–691. IEEE, Wuhan (2009)

28.

Kang, J., Song, Y.: Application KCFM to detect new P2P botnet based on multi-observed sequence. In: Geomatics and Information Science of Wuhan University, vol. 35, no. 5, pp. 520–523 (2010)

29.

Song, Y.: Detecting P2P botnet by analyzing macroscopic characteristics with fractal and information fusion. China Commun. 12(2), 107–117 (2015)CrossRef

Title: Detect Peer-to-Peer Botnet with Permutation Entropy and Adaptive Information Fusion
Authors: Yuanzhang Song
Junting He
Hongyu Li
Publisher: Springer Singapore
Book: Trusted Computing and Information Security
Print ISBN: 978-981-13-5912-5

Electronic ISBN: 978-981-13-5913-2

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-981-13-5913-2_3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner