
Research on P2P Botnet Network Behaviors and Modeling

  • Conference paper
Information Computing and Applications (ICICA 2012)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 307)


Abstract

Botnets pose a sustained, serious threat to Internet security. With the emergence of P2P botnets in particular, botnet detection has become a very big challenge. This paper focuses on P2P botnet traffic characteristics and provides support for P2P botnet detection technology. Through a number of experiments, the paper draws some important conclusions, such as a high connection failure rate, a high outbound network degree, and irregular phased-similarity. These conclusions can help the study of P2P botnet detection. The paper also models P2P botnets and proposes a P2P botnet steady-state model. The model can explain why some features of P2P botnets are inevitable, and these features can be used for more general detection.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, H., Hu, G., Yang, Y. (2012). Research on P2P Botnet Network Behaviors and Modeling. In: Liu, C., Wang, L., Yang, A. (eds) Information Computing and Applications. ICICA 2012. Communications in Computer and Information Science, vol 307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34038-3_12


  • DOI: https://doi.org/10.1007/978-3-642-34038-3_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34037-6

  • Online ISBN: 978-3-642-34038-3

  • eBook Packages: Computer Science (R0)
