Title :
New Detection of Peer-to-Peer Controlled Bots on the Host
Author :
Chen, Fei ; Wang, Mingli ; Fu, Yan ; Zeng, Jinquan
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
Peer-to-Peer controlled (P2P-controlled) bots have become an increasing threat to our networks. Compared with traditional bots, which rely on an Internet Relay Chat (IRC) server, P2P-controlled bots spread much faster and build botnets with better robustness. The attacker can remotely control an infected machine to perform malicious activities such as Distributed Denial of Service (DDoS) or email spamming. However, few bot detection techniques, especially ones aimed at P2P-controlled bots, have been developed to date. In this paper, we propose a general way to detect P2P-controlled bots on the host. Our approach combines detection of malicious behaviors with detection of P2P communication. API function calls and P2P traffic generated by a specific bot are monitored dynamically during a specific time window to achieve the detection. We perform a range of experiments with different datasets. The results show that our approach is effective at detecting P2P-controlled bots on the host.
Keywords :
peer-to-peer computing; security of data; unsolicited e-mail; API function call; DDoS; P2P communication; P2P traffic; botnets; bots detection techniques; distributed denial of service; email spamming; peer-to-peer controlled bots; Command and control systems; Communication channels; Communication system control; Computer science; Computer worms; Internet; Network servers; Peer to peer computing; Protocols; Robustness;
Conference_Title :
Wireless Communications, Networking and Mobile Computing, 2009. WiCom '09. 5th International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-3692-7
Electronic_ISBN :
978-1-4244-3693-4
DOI :
10.1109/WICOM.2009.5302674