Title :
PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations
Author :
Narang, Pratik ; Ray, Subhajit ; Hota, Chittaranjan ; Venkatakrishnan, Venkat
Author_Institution :
Dept. of Comput. Sci. & Inf. Syst., Birla Inst. of Technol. & Sci.-Pilani, Hyderabad, India
Abstract :
The decentralized nature of Peer-to-Peer (P2P) botnets makes them difficult to detect. Their distributed nature also exhibits resilience against take-down attempts. Moreover, smarter bots are stealthy in their communication patterns and elude the standard discovery techniques which look for anomalous network or communication behavior. In this paper, we propose PeerShark, a novel methodology to detect P2P botnet traffic and differentiate it from benign P2P traffic in a network. Instead of the traditional 5-tuple 'flow-based' detection approach, we use a 2-tuple 'conversation-based' approach which is port-oblivious, protocol-oblivious and does not require Deep Packet Inspection. PeerShark could also classify different P2P applications with an accuracy of more than 95%.
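The abstract contrasts 5-tuple flow keys with 2-tuple conversation keys. The following added example (written for this page, not code from the PeerShark paper or its authors) shows on a constructed packet trace how the same host pair that appears as many separate flows under a 5-tuple key (because ports and protocols change) collapses into a single conversation under the unordered IP-pair key, and computes a few per-conversation features. The feature set used here (duration, packet count, byte volume, median inter-arrival time) is an assumption made for illustration, not a statement of the paper's actual features; the packet records are constructed sample data.

```python
"""
Added example: 5-tuple flow aggregation versus 2-tuple conversation aggregation.
Not from the PeerShark paper. The feature set is assumed for illustration.
"""
from collections import defaultdict
from statistics import median

# Constructed packet records (sample data, not a real capture):
# (timestamp_s, src_ip, dst_ip, proto, sport, dport, bytes)
PACKETS = [
    (0.0, "10.0.0.5", "198.51.100.7", "udp", 51000, 6881, 120),
    (0.4, "198.51.100.7", "10.0.0.5", "udp", 6881, 51000, 300),
    (1.1, "10.0.0.5", "198.51.100.7", "tcp", 51001, 443, 800),
    (1.3, "198.51.100.7", "10.0.0.5", "tcp", 443, 51001, 1500),
    (3.0, "10.0.0.5", "198.51.100.7", "udp", 51002, 9000, 90),
    (5.0, "10.0.0.5", "203.0.113.9", "tcp", 51003, 80, 400),
    (5.2, "203.0.113.9", "10.0.0.5", "tcp", 80, 51003, 2000),
]


def flow_key(pkt):
    """Classic 5-tuple key: direction-sensitive, port- and protocol-aware."""
    _, src, dst, proto, sport, dport, _ = pkt
    return (src, dst, proto, sport, dport)


def conversation_key(pkt):
    """2-tuple key: the unordered IP pair, ignoring ports and protocol."""
    _, src, dst, *_ = pkt
    return tuple(sorted((src, dst)))


def group_by(packets, key_fn):
    """Bucket packets by the chosen key; returns {key: [packets]}."""
    groups = defaultdict(list)
    for pkt in packets:
        groups[key_fn(pkt)].append(pkt)
    return dict(groups)


def conversation_features(packets):
    """Assumed per-conversation feature set used for this illustration."""
    ts = sorted(p[0] for p in packets)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return {
        "duration": ts[-1] - ts[0],
        "packets": len(packets),
        "bytes": sum(p[6] for p in packets),
        "median_iat": median(gaps) if gaps else 0.0,
    }


def summarize(packets):
    """Return (number of 5-tuple flows, number of conversations, features per conversation)."""
    flows = group_by(packets, flow_key)
    convs = group_by(packets, conversation_key)
    feats = {k: conversation_features(v) for k, v in convs.items()}
    return len(flows), len(convs), feats


if __name__ == "__main__":
    n_flows, n_convs, feats = summarize(PACKETS)
    print(f"{n_flows} five-tuple flows collapse into {n_convs} conversations")
    for key, f in feats.items():
        print(key, f)
```

On the sample trace the seven distinct 5-tuple flows between the two host pairs reduce to two conversations, which is the property that lets a conversation-level detector ignore port hopping or protocol switching within a peer relationship.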
Keywords :
computer network security; invasive software; peer-to-peer computing; telecommunication traffic; 2-tuple conversation-based approach; P2P applications; P2P botnet traffic; PeerShark; anomalous network; communication behavior; communication patterns; conversations tracking; flow-based detection; peer-to-peer botnets detection; port-oblivious; protocol-oblivious; standard discovery techniques; Electronic mail; Feature extraction; Firewalls (computing); IP networks; Internet; Peer-to-peer computing; Ports (Computers); botnet; machine learning; peer-to-peer;
Conference_Title :
Security and Privacy Workshops (SPW), 2014 IEEE
Conference_Location :
San Jose, CA
DOI :
10.1109/SPW.2014.25