Preliminary study of host and network-based analysis on P2P Botnet detection

Botnet is a network of compromised computer that running malicious software remotely controlled by an attacker known as Botmaster. The threat of Botnet threaten is widely dangerous and it is crucially to overcome this crisis. Some new bots use P2P protocols to construct command and control system are known as peer-to-peer (P2P) Botnet. More severe when P2P Botnet incorporated the centralized and distributed communication which make it more robust and complicated for detection. Hence, the analysis is necessary to be conducted especially in the combination of host-based and network-based in order to detect bots accurately. This paper provides the details analysis on host-based analysis and network-based analysis to detect P2P bots that will reveal their unique characteristic and behaviors. The result of experimental testbed on datasets show that it is possible to detect effectively P2P Botnet in standalone host and network packet´s payload. Thus, this analysis can be used for early warning of P2P Botnet activities in the host-and network-level as prevention mechanism.