New Detection of Peer-to-Peer Controlled Bots on the Host

Nowadays, Peer-to-Peer controlled (P2P-controlled) bots became an increasing threat to our network. Compared with traditional bots which rely on Internet Relay Chat (IRC) server, P2P-controlled bots spread much faster and construct the botnets with better robustness. The infected machine can be remotely controlled by the attacker to perform some malicious activities such as Distributed Denial of Service (DDoS) or email spamming. However, few bots detection techniques, especially aiming at P2Pcontrolled bots, have been developed to date. In this paper, we proposed a general way to detect P2P-controlled bots on the host. Our approach combines detections of malicious behaviors and P2P communication together. API function calls and P2P traffics generated by a specific bot are monitored dynamically during the specific time-window to achieve the detection. We perform a range of experiments with different dataset. The results show that our approach is effective to detect P2P-controlled bots on the host.