Volume I, Issue X, April 2015
SCALABLE SYSTEM CONSTRUCTION FOR STEALTHY PEER-TO-PEER BOTNET DETECTION
Author(s) :
Andrea Noreen D silva
Abstract
Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency against take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In addition, the rapidly growing volume of network traffic calls for high scalability of detection systems. In this paper, we propose a novel scalable botnet detection system capable of detecting stealthy P2P botnets. Our system first identifies all hosts that are likely engaged in P2P communications. It then derives statistical fingerprints to profile P2P traffic and further distinguish between P2P botnet traffic and legitimate P2P traffic. The parallelized computation with bounded complexity makes scalability a built-in feature of our system. Extensive evaluation has demonstrated both high detection accuracy and great scalability of the proposed system.
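The two-stage structure the abstract describes, as an added illustration that is not the paper's code: stage 1 picks out hosts that look like P2P participants, stage 2 fingerprints their flows and separates bot-like from legitimate P2P behaviour, and both stages run per host so the work parallelizes and each host's cost stays bounded. The heuristics (direct-IP peer count for stage 1, coefficient of variation of flow sizes for stage 2), every threshold and the flow records are constructed for this example and are assumptions, not features taken from the paper.

```python
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor
from statistics import mean, pstdev

MIN_PEERS = 4             # distinct direct-IP peers before a host counts as P2P (assumed)
MAX_FLOWS_PER_HOST = 1000 # per-host sample cap bounds the per-host cost (assumed)
MAX_CV = 0.10             # flow sizes this regular look like C&C keep-alives (assumed)

# Constructed flow records: (src_host, dst_ip, bytes, dst_was_resolved_via_dns)
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 1200, True),     # web client: few DNS-resolved servers
    ("10.0.0.5", "192.0.2.11", 9800, True),
    ("10.0.0.5", "192.0.2.10", 640, True),
    ("10.0.0.7", "203.0.113.10", 512, False),   # file-sharing client: many direct peers,
    ("10.0.0.7", "203.0.113.11", 65000, False), # widely varying flow sizes
    ("10.0.0.7", "203.0.113.12", 1400, False),
    ("10.0.0.7", "203.0.113.13", 250000, False),
    ("10.0.0.9", "198.51.100.20", 312, False),  # bot: many direct peers,
    ("10.0.0.9", "198.51.100.21", 316, False),  # near-identical small flows
    ("10.0.0.9", "198.51.100.22", 310, False),
    ("10.0.0.9", "198.51.100.23", 314, False),
]

def group_by_host(flows):
    per_host = defaultdict(list)
    for src, dst, nbytes, resolved in flows:
        per_host[src].append((dst, nbytes, resolved))
    return per_host

def is_p2p_host(host_flows):
    """Stage 1: the host talks directly to many distinct IPs it never resolved via DNS."""
    return len({dst for dst, _, resolved in host_flows if not resolved}) >= MIN_PEERS

def fingerprint(host_flows):
    """Stage 2: statistical profile of the host's flows (mean size, relative spread)."""
    sizes = [n for _, n, _ in host_flows[:MAX_FLOWS_PER_HOST]]
    avg = mean(sizes)
    return {"mean_bytes": avg, "cv": pstdev(sizes) / avg if avg else 0.0}

def classify(host, host_flows):
    if not is_p2p_host(host_flows):
        return host, "non-p2p", None
    fp = fingerprint(host_flows)
    return host, ("p2p-bot-like" if fp["cv"] < MAX_CV else "p2p-legitimate"), fp

def detect(flows, workers=4):
    """Hosts are independent, so stages 1 and 2 run per host in parallel."""
    per_host = group_by_host(flows)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda item: classify(*item), per_host.items()))
    return {host: verdict for host, verdict, _ in results}
```

Running `detect(FLOWS)` labels the web client non-P2P, the file-sharing client legitimate P2P and the host with uniform small flows bot-like; on real data the thresholds would be fitted to the network rather than fixed as here.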
Keywords
Scalable System Construction, communications, parallelized computation
How to Cite this Paper? [APA Style]
Andrea Noreen D silva (2015). Scalable System Construction for Stealthy Peer-to-Peer Botnet Detection. Industrial Science Journal, April 2015. http://industrialscience.org/Article.aspx?aid=70&vid=10