Detecting P2P botnet based on the role of flows

Yuan-zhang SONG; Jun-ting HE; Bo ZHANG; Jun-jie WANG; An-bang WANG

Tongxin xuebao (Sep 2012)

Detecting P2P botnet based on the role of flows

Yuan-zhang SONG,
Jun-ting HE,
Bo ZHANG,
Jun-jie WANG,
An-bang WANG

Affiliations

Yuan-zhang SONG
Jun-ting HE
Bo ZHANG
Jun-jie WANG
An-bang WANG

Journal volume & issue: Vol. 33
pp. 262 – 269

Abstract

Read online

Towards the weaknesses of the existing detection methods of P2P botnet,a novel real-time detection model based on the role of flows was proposed,which was named as RF.According to the characteristics of flows,the model made the flows play the different roles in the detection of the P2P botnet to detect the essential abnormality and the attacking abnormality.And the model considered the influence on the detection of the P2P botnet which the Web applications generated,especially the applications based on the P2P protocols.To minimize the false positive rate and false negative rate,a real-time method based on the sliding window to estimate the Hurst parameter was proposed,and the Kaufman algorithm was applied to adjust the threshold dynamically.The experiments showed that the model was able to detect the new P2P botnet with a relatively high precision.

P2P botnet;self-similarity;multi-chart CUSUM;Kaufman

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords