Detecting and blocking P2P botnets through contact tracing chains
Authors
Abstract
Peer-to-peer (P2P) botnets have recently become serious security threats on the internet. It is difficult to detect the propagation of P2P botnets by isolated monitoring on individual machines due to their decentralised control structure. In this paper, we propose a contact tracing chain-based framework to detect and block P2P botnets by tracing contact behaviours among peers. In the proposed framework, the contacts of peers with suspicious symptoms are traced and tracing chains are established to correlate contacts among peers with their abnormal symptoms. Peers are confirmed with infections when the length of the contact tracing chain that they belong to reaches a preset threshold. Under this framework, we develop different detection, tracing and immunisation strategies. Through numerical simulations, we demonstrate that the proposed contact tracing framework can quickly detect and block the propagation of P2P botnets.
Similar resources
Enhanced PeerHunter: Detecting Peer-to-peer Botnets through Network-Flow Level Community Behavior Analysis
Peer-to-peer (P2P) botnets have become one of the major threats in network security for serving as the fundamental infrastructure that is responsible for various cyber-crimes. More challenges are involved in the problem of detecting P2P botnets, despite a few existing works claimed to detect traditional botnets effectively. In this paper, we present Enhanced PeerHunter, a network-flow level botnet...
Equitable Machine Learning Algorithms to Probe Over P2P Botnets
Cyber security has become very significant research area in line due to the increase in the number of malicious attacks by both state and nonstate actors. Ideally, one would like to properly secure the machines from being infected by viruses of any form. Nowadays, botnets have become an integral part of the Internet and the main drive for creating them is for financial gain. A bot conceals itse...
Resource monitoring for the detection of parasite P2P botnets
Detecting botnet behaviors in networks is a popular topic in the current research literature. The problem of detection of P2P botnets has been denounced as one of the most difficult ones, and this is even sounder when botnets use existing P2P networks infrastructure (parasite P2P botnets). The majority of the detection proposals available at present are based on monitoring network traffic to de...
Multivariate Statistical Analysis on Anomaly P2P Botnets Detection
Botnets population is rapidly growing and they become a huge threat on the Internet. Botnets has been declared as Advanced Malware (AM) and Advanced Persistent Threat (APT) listed attacks which is able to manipulate advanced technology where the intricacy of threats need for continuous detection and protection. These attacks will be almost exclusive for financial gain. P2P botnets act as bots t...
Detection of Stealthy P2p Bot Compromised Hosts in a Network
Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency against take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In addition, the rapidly growing volume of network traffic calls for high scalability of detection systems. In thi...
Journal title:
- IJIPT
Volume 5 Issue
Pages -
Publication date 2010