Detecting Parasite P2P Botnet in eMule-like Networks through Quasi-periodicity Recognition
Authors
Abstract
Botnets have become increasingly difficult to detect since they adopted P2P communication. Their flow characteristics and behaviors can be easily hidden if an attacker exploits a common P2P application's protocol to build the network and communicate. In this paper, we analyze two potential command and control mechanisms for the Parasite P2P Botnet, and we then identify the quasi-periodic pattern of the request packets caused by the Parasite P2P Botnet sending requests to search for the Botmaster's commands in PULL mode. Based on this observation, a Parasite P2P Botnet detection framework and a mathematical model are proposed, and two algorithms, named the Passive Match Algorithm and the Active Search Algorithm, are developed. Our experimental results are inspiring and suggest that our approach is capable of detecting a P2P botnet leeching in eMule-like networks.
Similar sources
Resource monitoring for the detection of parasite P2P botnets
Detecting botnet behaviors in networks is a popular topic in the current research literature. The problem of detecting P2P botnets has been denounced as one of the most difficult ones, and this is even more so when botnets use existing P2P network infrastructure (parasite P2P botnets). The majority of the detection proposals available at present are based on monitoring network traffic to de...
Full text
Enhanced PeerHunter: Detecting Peer-to-peer Botnets through Network-Flow Level Community Behavior Analysis
Peer-to-peer (P2P) botnets have become one of the major threats in network security, serving as the fundamental infrastructure that is responsible for various cyber-crimes. More challenges are involved in the problem of detecting P2P botnets, although a few existing works claimed to detect traditional botnets effectively. In this paper, we present Enhanced PeerHunter, a network-flow level botnet...
Full text
Copyright-Protected Content Delivery in Open Peer-to-Peer Networks
Open peer-to-peer (P2P) networks are being grossly abused by the illegal distribution of copyrighted music, games, video streams, and popular software. These abuses result from a lack of proper peer authentication, modifiable file indices, and unauthorized file access in a P2P network. Peer collusion is a major source of illegal sharing of content files among clients and pirates. We propose a n...
Full text
Adaptive Content Poisoning To Prevent Illegal File Distribution in P2P Networks
Digital content owners have attempted to use content poisoning to disrupt illegal distribution of copyrighted files in peer-to-peer (P2P) systems. This paper provides an analytical model to quantify the impact of content poisoning. Tradeoffs between content poisoning and download efficiency are revealed. In particular, we apply this poisoning model to transform and evaluate three popular P2P ne...
Full text
Equitable Machine Learning Algorithms to Probe Over P2P Botnets
Cyber security has become a very significant research area due to the increase in the number of malicious attacks by both state and non-state actors. Ideally, one would like to properly secure machines from being infected by viruses of any form. Nowadays, botnets have become an integral part of the Internet, and the main motive for creating them is financial gain. A bot conceals itse...
Full text