Visible to the public A Two-stage P2P Botnet Detection Method Based on Statistical Features

TitleA Two-stage P2P Botnet Detection Method Based on Statistical Features
Publication TypeConference Paper
Year of Publication2020
AuthorsZhou, B., He, J., Tan, M.
Conference Name2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS)
Date PublishedOct. 2020
ISBN Number978-1-7281-6579-0
Keywordsbenign P2P hosts, Botnet, botnets, composability, computer network security, detection, feature extraction, invasive software, machine learning, Metrics, Monitoring, Network security, P2P, Payloads, Peer-to-peer computing, pubcrawl, Real-time Systems, resilience, Resiliency, software engineering, statistical analysis, statistical feature, telecommunication traffic, traffic statistical features, two-stage P2P botnet detection method, unsolicited e-mail

P2P botnet has become one of the most serious threats to today's network security. It can be used to launch kinds of malicious activities, ranging from spamming to distributed denial of service attack. However, the detection of P2P botnet is always challenging because of its decentralized architecture. In this paper, we propose a two-stage P2P botnet detection method which only relies on several traffic statistical features. This method first detects P2P hosts based on three statistical features, and then distinguishes P2P bots from benign P2P hosts by means of another two statistical features. Experimental evaluations on real-world traffic datasets shows that our method is able to detect hidden P2P bots with a detection accuracy of 99.7% and a false positive rate of only 0.3% within 5 minutes.

Citation Keyzhou_two-stage_2020