Peer-to-Peer Botnet Detection Using NetFlow Master Thesis

Author

  • Connor Dillon
Abstract

Traditional botnets use a centralized communications architecture in which all the bots connect to Command and Control (C&C) servers. These servers are the weak point of the botnet, as they are easy targets for take-down and monitoring. Peer-to-peer (p2p) botnets have a distributed architecture, which makes them more resilient. This research aims at the detection of individual p2p bots within a network perimeter. This is done by looking at their communications with the p2p overlay network. The NetFlow protocol is used to gain insight into all traffic within the network. A detection algorithm is proposed that can detect p2p malware in live NetFlow data. The algorithm is based on characteristics that separate malicious from benign p2p traffic, such as traffic volume, packet symmetry and traffic patterns. These characteristics were identified by analyzing the behavior of different benign p2p applications and the Zeus p2p malware.


Related resources

BotTrack: Tracking Botnets Using NetFlow and PageRank

With large scale botnets emerging as one of the major current threats, the automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. Faced with high speed network connections, detecting botnets must be efficient and accurate. This paper proposes a novel approach for this task, where NetFlow related data is correlated and a host depend...


HaDeS: A Hadoop-based Framework for Detection of Peer-to-Peer Botnets

This paper presents Hades, a Hadoop-based framework for detection of P2P botnets in an enterprise-level network, which is distributed and scalable by design. The contributions of this work are two-fold: Firstly, our work uses the Hadoop ecosystem to adopt a ‘host-aggregation based’ approach which aggregates behavioral metrics for each Peer-to-Peer (P2P) host seen in network communications, and u...


Towards Efficient and Privacy-Preserving Network-Based Botnet Detection Using Netflow Data

Botnets pose a severe threat to the security of Internet-connected hosts and the availability of the Internet's infrastructure. In recent years, botnets have attracted many researchers. As a result, many achievements in studying different botnets' anatomies have been made and approaches to botnet detection have been developed. However, most of these approaches target botnet detection using r...


A Survey of Botnet Detection Techniques by Command and Control Infrastructure

Botnets have evolved to become one of the most serious threats to the Internet and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting p...


A Survey on Botnet Architectures, Detection and Defences

Botnets are known to be one of the most serious Internet security threats. In this survey, we review botnet architectures and their controlling mechanisms. Botnet infection behavior is explained. Then, known botnet models are outlined to study botnet design. Furthermore, Fast-Flux Service Networks (FFSN) are discussed in great detail as they play an important role in facilitating botnet traffi...


Journal title:

Volume   Issue 

Pages  -

Publication date: 2014