Identifying Peer-to-Peer Botnets Through Periodicity Behavior Analysis

Title: Identifying Peer-to-Peer Botnets Through Periodicity Behavior Analysis
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Wang, Pengfei; Wang, Fengyu; Lin, Fengbo; Cao, Zhenzhong
Conference Name: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications / 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
ISBN Number: 978-1-5386-4388-4
Keywords: Botnet, Botnet detection, computer network security, Conferences, feature extraction, Human Behavior, human factor, human factors, invasive software, IP addresses, IP networks, Metrics, Monitoring, Network security, P2P botnet, P2P bots, P2P communications, P2P hosts, peer to peer security, peer-to-peer botnets, Peer-to-peer computing, PeerGrep, periodicity behavior, Periodicity Behavior Analysis, pubcrawl, resilience, Resiliency, Scalability, security, Spark

Peer-to-peer (P2P) botnets have become one of the significant threats to network security because of their distributed structure. Their decentralized nature makes detection challenging, and it is important to detect bots as early as possible to limit the harm they cause. In this paper, we propose PeerGrep, a novel system capable of identifying P2P bots. PeerGrep first identifies hosts that are likely engaged in P2P communication, and then distinguishes P2P bots from benign P2P hosts by analyzing their active ratio, packet size, and the periodicity of their connections to destination IP addresses. The evaluation shows that PeerGrep identifies all P2P bots with a low false positive rate (FPR), even when a malicious P2P application and a benign P2P application coexist on the same host, or when there is only one bot in the monitored network.
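As an added illustration (not PeerGrep's code, which the abstract does not describe in enough detail to reproduce), the following Python computes the three per-host features named above over constructed flow records and scores each host. The feature definitions (active ratio as the fraction of 60 s windows in which the host sent any traffic; periodicity as a low coefficient of variation of inter-arrival times to a given destination IP; packet size as mean bytes per packet to that destination), every threshold, and the sample flows are assumptions made for this example. The sample covers the two cases the abstract highlights: a host running a bot and a benign P2P client at the same time, and a single bot in the monitored network (scoring is per host, so no second infected host is needed to correlate against). PeerGrep's first stage, the P2P-host prefilter, is not modeled; the sample hosts are all assumed to have passed it.

```python
"""Toy P2P-bot scoring from flow records using active ratio, packet size and
per-destination periodicity.

Added illustration, not PeerGrep's code. The paper's abstract does not define
these features, so every definition, threshold and sample flow below is an
assumption.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

CAPTURE_SECONDS = 600.0   # assumed observation period
WINDOW_SECONDS = 60.0     # bin size for the active ratio
MIN_FLOWS = 4             # fewer flows to a peer give no periodicity evidence
MAX_CV = 0.2              # max coefficient of variation of inter-arrival times
MAX_BYTES_PER_PKT = 300   # bot control traffic assumed small and uniform
MIN_ACTIVE_RATIO = 0.8    # bots keep polling; humans stop
MIN_BOTLIKE_PEERS = 2     # a single periodic peer could be a benign keepalive


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start, seconds since start of capture
    src: str       # monitored host
    dst: str       # destination IP
    packets: int   # packets sent by src in this flow
    nbytes: int    # bytes sent by src in this flow


def make_sample_flows():
    """Constructed sample traffic, not a real capture."""
    flows = []
    bot_peers = ("203.0.113.10", "203.0.113.20", "203.0.113.30")
    benign_ts = [5, 9, 11, 40, 41, 95, 160, 162, 200, 260, 270, 290]

    def add_bot(host, peers):
        # polls each peer every 30 s with a small deterministic jitter (0..2 s)
        for i in range(20):
            for j, peer in enumerate(peers):
                flows.append(Flow(30.0 * i + (i % 3) + j, host, peer, 2, 180))

    def add_benign(host):
        # bursty bulk transfers to two peers, idle after the first five minutes
        for k, ts in enumerate(benign_ts):
            flows.append(Flow(float(ts), host, f"198.51.100.{10 + k % 2}", 40, 50_000))

    add_bot("10.0.0.5", bot_peers)        # the only bot-only host
    add_benign("10.0.0.7")                # benign P2P user
    add_bot("10.0.0.9", bot_peers[:2])    # bot and benign client on one host
    add_benign("10.0.0.9")
    return flows


def peer_features(times, packets, nbytes):
    """Per (src, dst) pair: inter-arrival CV (None if too few flows) and bytes/packet."""
    bytes_per_pkt = nbytes / packets
    if len(times) < MIN_FLOWS:
        return None, bytes_per_pkt
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg > 0 else None   # all-at-once burst is not periodic
    return cv, bytes_per_pkt


def score_hosts(flows, capture_seconds=CAPTURE_SECONDS):
    """Return per-host features and a bot-like verdict."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
    hosts = defaultdict(lambda: {"windows": set(), "peers": {}})
    for (src, dst), fl in by_pair.items():
        cv, bpp = peer_features([f.ts for f in fl],
                                sum(f.packets for f in fl), sum(f.nbytes for f in fl))
        hosts[src]["peers"][dst] = (cv, bpp)
        hosts[src]["windows"].update(int(f.ts // WINDOW_SECONDS) for f in fl)
    n_windows = int(capture_seconds // WINDOW_SECONDS)
    result = {}
    for src, h in hosts.items():
        active_ratio = len(h["windows"]) / n_windows
        botlike = sorted(d for d, (cv, bpp) in h["peers"].items()
                         if cv is not None and cv <= MAX_CV and bpp <= MAX_BYTES_PER_PKT)
        result[src] = {
            "active_ratio": round(active_ratio, 2),
            "periodic_small_peers": botlike,
            "bot_like": active_ratio >= MIN_ACTIVE_RATIO and len(botlike) >= MIN_BOTLIKE_PEERS,
        }
    return result


if __name__ == "__main__":
    for host, feats in sorted(score_hosts(make_sample_flows()).items()):
        print(host, feats)
```

Two design points matter here. Periodicity and packet size are computed per destination IP rather than per host: a host-level mean packet size for 10.0.0.9 would be dominated by the benign client's bulk transfers and the bot traffic would be hidden, which is exactly the coexistence case the abstract claims to handle. And a destination only counts once it has enough flows to estimate an inter-arrival distribution; with one or two connections the coefficient of variation is meaningless, so such peers contribute no evidence either way.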

Citation Key: wang_identifying_2018