• DocumentCode
    3182976
  • Title

    Analysis and detection of P2P Botnet connections based on node behaviour

  • Author

    Rostami, Mohammad Reza ; Shanmugam, Bharanidharan ; Idris, Norbik Bashah

  • Author_Institution
    Adv. Inf. Sch., UTM, Kuala Lumpur, Malaysia
  • fYear
    2011
  • fDate
    11-14 Dec. 2011
  • Firstpage
    928
  • Lastpage
    933
  • Abstract
    The fast development of computers, and especially of the Internet, has caused many issues for its users as well as benefits. Nowadays, cyber criminals are utilizing Botnets to reach their goals. They have noticed that a centralized structure is detected quickly. Hence Peer to Peer Botnets are the most recent kind of Botnets, and they apply encryption as well as rootkit capabilities to avoid being detected. In addition, they mimic the performance of P2P software such as BitTorrent to make it hard to distinguish healthy packets from malicious packets in a large dataset. The proposed method is based on the correlation of the Process Name with the Ports as well as the Network Traffic. In existing Operating Systems, every process is assigned a number that is called a Port. By using this unique port and the process name, our experimental results show an acceptable rate of detection.
  • Keywords
    Internet; computer network security; cryptography; operating systems (computers); peer-to-peer computing; telecommunication traffic; BitTorrent; Internet; P2P botnet connections; cyber criminals; encryption; healthy packet; malicious packet; network traffic; node behaviour; operating systems; process name correlation; unique port; Correlation; IP networks; Internet; Peer to peer computing; Protocols; Storms; Telecommunication traffic; botnet; node behaviour; peer to peer (P2P); port numbers; process identification;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information and Communication Technologies (WICT), 2011 World Congress on
  • Conference_Location
    Mumbai
  • Print_ISBN
    978-1-4673-0127-5
  • Type

    conf

  • DOI
    10.1109/WICT.2011.6141372
  • Filename
    6141372