Botnet Detection for Peer to Peer Networks

Authors

1 Assistant Professor, Department of Computer Engineering, Faculty of Technology and Engineering, Al-Zahra University (S), Tehran, Iran

2 Master's student, Department of Computer Engineering, Faculty of Technology and Engineering, Al-Zahra University (S), Tehran, Iran

3 Instructor, Department of Computer Engineering, Technical and Engineering Faculty, Bozormehr Qaenat University, Qaenat, Iran

Abstract

Botnets are among the most recent types of internet-scale malware and in recent years have been the greatest threat to
web servers. A bot is a computer infected by malware and controlled remotely by one or more
human actors without the user's knowledge. This controlling agent is called the "bot master", and the
infected system is sometimes called the "victim". Peer-to-peer botnets are one type of botnet that use peer-to-peer protocols,
and detecting this type of botnet is more difficult than detecting other types. Our suggested approach is a new
method for detecting such botnets. It uses network flow analysis together with a clustering method from data
mining to detect peer-to-peer botnets. The approach is flow-based: it compares the similarity between
flows, applies the K-Means clustering algorithm, and finally determines whether new traffic is an attack or not.
The approach performs well at detecting botnets in flash crowd traffic, and this characteristic is what
distinguishes the suggested algorithm from similar algorithms. Finally, the suggested approach has been
tested with different kinds of traffic.
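To make the flow-based K-Means idea in the abstract concrete, here is an added example that is not the paper's code: it clusters constructed flow records with a small self-contained K-Means, names each cluster by the majority ground-truth label of its training members, and assigns a new flow to the nearest centroid. The four flow features, the training values and the "bot"/"benign" labels are assumptions for illustration; the paper's own features and its flash-crowd handling are not reproduced.

```python
from math import dist  # Euclidean distance between equal-length sequences (Python 3.8+)

# Constructed training flows: (mean packet bytes, mean inter-arrival s, duration s, packet count), label.
# "bot" rows mimic small, regularly spaced P2P keep-alives; labels are ground truth for training only.
TRAINING_FLOWS = [
    ((64.0, 30.0, 2.0, 4), "bot"),
    ((72.0, 29.5, 2.5, 5), "bot"),
    ((60.0, 31.0, 1.8, 4), "bot"),
    ((1200.0, 0.05, 45.0, 900), "benign"),
    ((980.0, 0.08, 30.0, 600), "benign"),
    ((1350.0, 0.04, 60.0, 1400), "benign"),
]

def fit_scaler(vectors):
    # per-feature min/max so that byte counts do not swamp inter-arrival times
    return [min(col) for col in zip(*vectors)], [max(col) for col in zip(*vectors)]

def scale(v, lo, hi):
    return [(x - l) / (h - l) if h > l else 0.0 for x, l, h in zip(v, lo, hi)]

def kmeans(points, k=2, iters=100):
    # plain K-Means; seeding is deterministic: first point, then the point farthest from existing centroids
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        assign = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, a in zip(points, assign) if a == j]
            new.append([sum(col) / len(members) for col in zip(*members)] if members else centroids[j])
        if new == centroids:  # converged: no centroid moved
            break
        centroids = new
    return centroids, assign

class FlowClassifier:
    # cluster known flows, name each cluster by majority label, then assign new flows by nearest centroid
    def __init__(self, training):
        vecs = [v for v, _ in training]
        self.lo, self.hi = fit_scaler(vecs)
        self.centroids, assign = kmeans([scale(v, self.lo, self.hi) for v in vecs])
        self.names = []
        for j in range(len(self.centroids)):
            labels = [lab for (_, lab), a in zip(training, assign) if a == j]
            self.names.append(max(set(labels), key=labels.count) if labels else "unknown")
    def classify(self, flow):
        p = scale(flow, self.lo, self.hi)
        nearest = min(range(len(self.centroids)), key=lambda j: dist(p, self.centroids[j]))
        return self.names[nearest]
```

With realistic input the labels of the training set would come from a ground-truth capture, and the scaler and centroids would be refitted as traffic drifts.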

Keywords


  • Receive Date: 07 July 2015
  • Revise Date: 21 June 2023
  • Accept Date: 19 September 2018
  • Publish Date: 20 February 2016