Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints

Junjie Zhang, Roberto Perdisci, Wenke Lee, Unum Sarfraz, Xiapu Luo

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency to take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In this paper, we propose a novel botnet detection system that is able to identify stealthy P2P botnets, even when malicious activities may not be observable. First, our system identifies all hosts that are likely engaged in P2P communications. Then, we derive statistical fingerprints to profile different types of P2P traffic, and we leverage these fingerprints to distinguish between P2P botnet traffic and other legitimate P2P traffic. Unlike previous work, our system is able to detect stealthy P2P botnets even when the underlying compromised hosts are running legitimate P2P applications (e.g., Skype) and the P2P bot software at the same time. Our experimental evaluation based on real-world data shows that the proposed system can achieve high detection accuracy with a low false positive rate.

Original language: English
Title of host publication: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011
Publisher: IEEE
Pages: 121-132
Number of pages: 12
ISBN (Electronic): 978-1-4244-9233-6, 978-1-4244-9231-2
ISBN (Print): 978-1-4244-9232-9
DOIs
State: Published - Jul 18 2011
Event: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011 - Hong Kong, Hong Kong
Duration: Jun 27 2011 - Jun 30 2011

Conference

Conference: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011
Country/Territory: Hong Kong
City: Hong Kong
Period: 6/27/11 - 6/30/11

ASJC Scopus Subject Areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Keywords

  • Botnet
  • Intrusion Detection
  • P2P
  • Security

Disciplines

  • Computer Sciences
  • Engineering