Journal of Northeastern University, 2010, Vol. 31, Issue (12): 1709-1712.

• Original Paper

Rapid detection technique for P2P-based botnets

Yu, Ge (1); Yu, Xiao-Cong (2); Dong, Xiao-Mei (1); Qin, Yu-Hai (2)   

  (1) School of Information Science and Engineering, Northeastern University, Shenyang 110004, China; (2) Department of Computer Crime Detection, China Criminal Police College, Shenyang 110035, China
  • Received: 2013-06-20 Revised: 2013-06-20 Online: 2010-12-15 Published: 2013-06-20
  • Contact: Yu, X.-C.

Abstract: Attacks from P2P-based botnets are increasingly among the most serious threats to the Internet. Existing detection strategies for P2P-based botnets focus only on offline methods that track historical network traffic, which can hardly meet the requirements for real-time operation and precision. A new technique is therefore proposed to detect P2P-based botnet activity rapidly: an improved incremental classification technique is introduced to distinguish P2P-based network traffic from other traffic, and then a dynamic clustering technique and a Boolean auto-correlation technique are presented to detect suspected P2P-based botnet hosts whose communication behavior shows similarity and periodicity. Experimental evaluations showed that the proposed technique can detect P2P-based botnets rapidly and efficiently.
