Enhanced PeerHunter: Detecting Peer-to-peer Botnets through Network-Flow Level Community Behavior Analysis
Authors
Abstract
Peer-to-peer (P2P) botnets have become one of the major threats in network security, serving as the fundamental infrastructure responsible for various cyber-crimes. Detecting P2P botnets involves more challenges, even though a few existing works have claimed to detect traditional botnets effectively. In this paper, we present Enhanced PeerHunter, a method based on network-flow level botnet community behavior analysis, which is capable of detecting botnets that communicate via P2P overlay networks. Our method starts with a P2P network flow detection component. Then it uses the natural botnet behavior "mutual contacts" as the main feature to cluster bots into communities. Finally, it uses network-flow level botnet community behavior analysis to detect potential botnet communities and further identify bot candidates. In the experimental evaluation, we propose two evasion attacks, in which we assume the adversaries (e.g., the botmasters) know our techniques in advance and might attempt to evade our system by making the P2P bots mimic the behavior of legitimate P2P applications. The results of extensive experiments show that Enhanced PeerHunter achieves a high detection rate with few false positives, and high robustness against the proposed attacks that mimic legitimate P2P applications.
Similar sources
Bots Behaviors vs. Human Behaviors on Large-Scale Communication Networks (Extended Abstract)
In this paper we propose a hierarchical framework for detecting and characterizing any types of botnets on a large-scale WiFi ISP network. In particular, we first analyze and classify the network traffic into different applications by using payload signatures and the cross-associations for IP addresses and ports. Then based on specific application community (e.g. IRC, HTTP, or Peer-to-Peer), we...
A Survey of Botnet Detection Techniques by Command and Control Infrastructure
Botnets have evolved to become one of the most serious threats to the Internet and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting p...
Botnet Detection Through Fine Flow Classification
The prevalence of botnets, which are defined as groups of infected machines, has become the predominant factor among all Internet malicious attacks such as DDoS, spam, and click fraud. The number of botnets is steadily increasing, and the characteristic C&C channels have evolved from IRC to HTTP, FTP, and DNS, etc., and from the centralized structure to P2P and Fast Flux Network Services. ...
Improving Botnet Detection and Timing using Two-Level Support Vector Machines
Botnets have become a major threat to the Internet as large armies of bot machines can be used to carry out a wide range of attacks. We present a botnet detection mechanism that uses two levels of support vector machines (SVMs) to identify infected bot machines before they are used in an attack. Our technique detects relationships in the network flows dynamically and determines if such relations...
Machine Learning Approach for Botnet Detection
BotNet is a type of malware that has posed serious threats to the Internet community and has been a common weapon for committing cybercrimes such as spam generation, stealing sensitive information, click fraud and DDoS attacks. In this document, we propose an approach for BotNet detection at large scale where network traffic is monitored at a central core in the Internet (say a Tier-1 ISP) so that ...
Journal title: CoRR
Volume: abs/1802.08386
Issue: -
Pages: -
Publication date: 2018