Comparison and Analysis of P2P Botnet Detection Schemes (P2P 봇넷 탐지 연구의 비교 및 분석)

Kyungsan CHO (조경산); Wujian Ye

doi:10.9708/jksci.2017.22.03.069

Comparison and Analysis of P2P Botnet Detection Schemes

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2017, 22(3), pp.69-79
DOI : 10.9708/jksci.2017.22.03.069
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : March 3, 2017
Accepted : March 21, 2017
Published : March 31, 2017

Kyungsan CHO ¹, Wujian Ye ²

¹단국대학교
²GuangDong University of Technology

Accredited

ABSTRACT

In this paper, we propose our four-phase life cycle of P2P botnet with corresponding detection methods and the future direction for more effective P2P botnet detection. Our proposals are based on the intensive analysis that compares existing P2P botnet detection schemes in different points of view such as life cycle of P2P botnet, machine learning methods for data mining based detection, composition of data sets, and performance matrix. Our proposed life cycle model composed of linear sequence stages suggests to utilize features in the vulnerable phase rather than the entire life cycle. In addition, we suggest the hybrid detection scheme with data mining based method and our proposed life cycle, and present the improved composition of experimental data sets through analysing the limitations of previous works.

KEYWORDS

P2P botnet detection, life cycle, machine learning, data sets

Citation status

* References for papers published after 2023 are currently being built.

[journal] W. Ye / 2014 / Hybrid P2P Traffic Classification with heuristic rules and machine Learning / Soft Computing 19(9) : 1815~1827

[confproc] M. Feeil / 2009 / A survey of Botnet and Botnet Detection / Procs. of the Third International Conference on Emerging Security Information, systems and Technologies : 268~273

[journal] W. Ye / 2017 / P2P and P2P Botnet Traffic Classification in Two Stages / Soft Computing 21(5) : 1315~1326

[journal] N. Kheir / 2015 / Behavioral fine-grained detection and classification of P2P bots / Journal of Computer Virology and Hacking Techniques 11(4) : 217~233

[journal] M. Mahmoud / 2015 / A Survey on Botnet Architectures, Detection and Defences / International Journal of Network Security 17(3) : 272~289

[journal] S. Silva / 2013 / Botnets: A survey / Computer Networks, the International Journal of Computer & Telecommunications Networking 57(2) : 378~403

[journal] M. Soysal / 2010 / Machine learning algorithms for accurate flow-based network traffic classification: Evaluation and comparison / Performance Evaluation 67(6) : 451~467

[journal] I. Ghafi / 2015 / A Survey on Botnet Command and Control Traffic Detection / International Journal of Advances in Computer Networks and Its Security 5(2) : 75~80

[journal] A. Obeidat / 2016 / Survey of the P2P botnet detection methods / International Journal of Emerging Trends of Technology in Computer Science 5(2) : 12~23

[confproc] S. Ghalebandi / 2011 / A Survey on P2P Botnets Detection / Procs. of International Conference on Communication and Broadband Networking (ICCBN 2011)

[journal] M. Elhalabi / 2013 / A Review of Peer-to-Peer Botnet Detection Techniques / Journal of Computer Science 10(1) : 169~177

[journal] P. Vadivu / 2014 / A Survey on Botnet Dectection Approaches In Peer-To-Peer Network / International Journal of Advances in Computer Science and Technology 3(5) : 311~317

[book] P. Wang / 2009 / Handbook of Information and Communication Security / : 335~350

[confproc] Priyanka / 2015 / A review of recent Peer-to-Peer botnet detection techniques / Procs. of International Conference on Electronics and Communication Systems. IEEE : 1312~1317

[confproc] R. Rodriguez-Gomes / 2011 / Analysis of Botnets through Life-Cycle / Procs. of SECRYPT 2011 International Conference on Security and Cryptography : 257~262

[confproc] N. Hachenm / 2011 / Botnets: Lifecycle and Taxonomy / Procs. of 2011 Conference on Network and Information Systems Security (SAR-SSI) : 1~8

[confproc] J.B. Grizzard / 2007 / Peer-to-peer botnets: overview and case study / Procs. of USENIX Workshop on Hot Topics in Understanding Botnets (HotBots’07) : 1~8

[confproc] J. Leonard / 2009 / A Framework for understanding botnets / Procs. of the international conference on availability, reliability and security : 917~922

[journal] W. Tarng / 2012 / A P2P Botnet Virus Detection System Based on Data-Mining Algorithms / International Journal of Computer Science & Information Technology 4(5) : 51~65

[confproc] H. Li / 2012 / Modeling to Understand P2P Botnets / Procs. of International Conference on Instrumentation and Measurement, Computer, Communication and Control : 75~78

[journal] M. Alauthaman / 2016 / A P2P Botnet detection scheme based on decision tree and adaptive multilayer neural networks / Neural Computer and Applications(First Online)

[confproc] H. Hang / 2013 / Entelecheia: Detecting p2p botnets in their waiting stage / Procs. of IFIP Networking Conference : 1~9

[confproc] P. Narang / 2014 / Peershark: Detecting Peer-to-Peer Botnets by Tracking Conversions / IEEE Security and Privacy workshop : 108~115

[confproc] Y Li / 2010 / A P2P-Bonet Detection Model and Algorithms Based on Network Streams Analysis / International Conference on Future Information Technology and Management Engineering 1 : 55~58

[journal] Y. Fan / 2014 / A P2P Botnet Detection Method Used On-line Monitoring and Off-line Detection / Int. Journal of Security and Its Applications 8(3) : 87~96

[journal] C. Sheng / 2011 / The P2P Botnet Online Detect Approach Research / Acta Electronica Sinica 39(4) : 906~912

[journal] P. Barthakur / 2013 / An Efficient Machine Learning Based Classification Scheme for Detecting Distributed Command & Control Traffic of P2P Botnets / International Journal of Modern Education and Computer Science 5(10) : 9~18

[confproc] P. Bharathula / 2015 / Equitable Machine Learning Algorithms to Probe Over P2P Botnets / Procs. of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications(FICTA) : 13~21

[confproc] L H Liao / 2010 / Peer to Peer Botnet Detection Using Data Mining Scheme / Procs. of International Conference on Internet Technology and Applications. IEEE : 1~4

[confproc] S. Garg / 2013 / Behaviour analysis of machine learning algorithms for detecting P2P botnets / Procs. of IEEE 15th International Conference on Advanced Computing Technologies (ICACT): : 1~4

[confproc] D. Zhao / 2012 / Peer to Peer Botnet Detection Based on Flow Intervals / Information Security and Privacy Research-27th IFIP TC 11 Information Security and Privacy Conference : 87~102

[confproc] P. Wang / 2009 / A Systematic Study on Peer-to-Peer Botnets / International Conference on Computer Communications and Networks, IEEE ICCCN 2009 : 1~8

[journal] H. Jiang / 2014 / Detecting P2P botnets by discovering flow dependency in C&C traffic / Peer-to-Peer Networking and Applications : 320~331

[journal] 예우지엔 / 2014 / P2P Traffic Classification using Advanced Heuristic Rules and Analysis of Decision Tree Algorithms / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 19(3) : 45~54

[confproc] G. Gu / 2008 / BotMiner:clustering analysis of network traffic for protocol and structure independent botnet detection / SS’08 Procs of the 17th conference on Security Symposium : 139~154

[journal] M. Yahyazadeh / 2012 / BotOnus: An online unsupervised method for botnet detection / The ISC Int'l Journal of Information Security 4(1) : 51~62

[confproc] J. Kang / 2009 / Application Entropy Theory to Detect New Peer-to-Peer Botnet with Multi-chart CUSUM / Procs. of 2009 Second International Symposium on Electronic Commerce and Security : 471~475

[confproc] B. Wang / 2009 / Measuring Peer-to-Peer botnets using control flow stability / Procs. of IEEE International Conference on Availability, Reliability and Security ARES'09 : 663~669

[confproc] S. K. Noh / 2009 / Detecting P2P Botnets Using a Multi-phased Flow Model / Procs. of Third International Conference on Digital Society. IEEE Computer Society : 247~253

[report] Y. Zeng / 2009 / On detection of storm botnets. Real-Time Computing Laboratory / The University of Michigan : 1~7

[confproc] B. Rahbarinia / 2013 / PeerRush: Mining for unwanted p2p traffic / DIMVA 2013-Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science 7967 : 62~82

[journal] S. Garg / 2016 / Scalable P2P bot detection system based on network data stream / Peer-to-Peer Networking and Applications 9(6) : 1162~1176

[journal] 홍의석 / 2016 / Severity-based Software Quality Prediction using Class Imbalanced Data / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 21(4) : 73~80

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Comparison and Analysis of P2P Botnet Detection Schemes

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Comparison and Analysis of P2P Botnet Detection Schemes

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (1)

REFERENCES (43) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.