DocumentCode :
245838
Title :
PeerDigger: Digging Stealthy P2P Hosts through Traffic Analysis in Real-Time
Author :
Jie He ; Yuexiang Yang ; Xiaolei Wang ; Chuan Tang ; Yingzhi Zeng
Author_Institution :
Coll. of Comput., Nat. Univ. of Defense Technol., Changsha, China
fYear :
2014
fDate :
19-21 Dec. 2014
Firstpage :
1528
Lastpage :
1535
Abstract :
P2P technology has been widely applied in many areas due to its excellent properties. Some botnets also shift towards decentralized architectures, since they provide better resiliency against detection and takedown efforts. Besides, modern P2P bots tend to run on compromised hosts in a stealthy way, which renders most existing approaches ineffective. In addition, few approaches address the problem of real-time detection. However, it is important to detect bots as soon as possible in order to minimize their harm. In this paper, we propose PeerDigger, a novel real-time system capable of detecting stealthy P2P bots. PeerDigger first detects all P2P hosts based on several basic properties of flow records, and then distinguishes P2P bots from benign P2P hosts by analyzing their network behavior patterns. The experimental results demonstrate that our system is able to identify P2P bots with an average TPR of 98.07% and an average FPR of 1.5% within 4 minutes.
Keywords :
computer network security; invasive software; peer-to-peer computing; real-time systems; telecommunication traffic; FPR; P2P host detection; P2P technology; PeerDigger; TPR; decentralized architectures; network behavior pattern analysis; real-time detection; stealthy P2P bot detection; Feature extraction; IP networks; Monitoring; Peer-to-peer computing; Real-time systems; Storms; Vectors; P2P network; bot detection; real-time; traffic analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computational Science and Engineering (CSE), 2014 IEEE 17th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4799-7980-6
Type :
conf
DOI :
10.1109/CSE.2014.283
Filename :
7023794