Abstract
Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency to take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches, including, ineffective. In this paper, we propose a novel botnet detection system that is able to identify stealthy P2P botnets, even when malicious activities may not be observable. First, our system identifies all hosts that are likely engaged in P2P communications. Then, we derive statistical fingerprints to profile different types of P2P traffic, and we leverage these fingerprints to distinguish between P2P botnet traffic and other legitimate P2P traffic. Unlike previous work, our system is able to detect stealthy P2P botnets even when the underlying compromised hosts are running legitimate P2P applications (e.g., Skype) and the P2P bot software at the same time. Our experimental evaluation based on real-world data shows that the proposed system can achieve high detection accuracy with a low false positive rate.
Original language | English |
---|---|
Title of host publication | 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011 |
Publisher | IEEE |
Pages | 121-132 |
Number of pages | 12 |
ISBN (Electronic) | 978-1-4244-9233-6, 978-1-4244-9231-2 |
ISBN (Print) | 978-1-4244-9232-9 |
DOIs | |
State | Published - Jul 18 2011 |
Event | 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011 - Hong Kong, Hong Kong Duration: Jun 27 2011 → Jun 30 2011 |
Conference
Conference | 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011 |
---|---|
Country/Territory | Hong Kong |
City | Hong Kong |
Period | 6/27/11 → 6/30/11 |
ASJC Scopus Subject Areas
- Software
- Hardware and Architecture
- Computer Networks and Communications
Keywords
- Botnet
- Intrusion Detection
- P2P
- Security
Disciplines
- Computer Sciences
- Engineering