A Novel Botnet Detection System for P2P Networks

Obeidat, Atef A.; Al-Kofahi, Majd M.; Bawaneh, Mohammad Jazi; Hanandeh, Essam Said

doi:10.3844/jcssp.2017.329.336

Cited by 3 publications

(3 citation statements)

References 16 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they failed to address any FS approach. Obeidat 17 analyzed and compared the most significant P2P‐based botnet detection approaches. The author has studied the previous surveys and classified and compared the most important detection approaches.…”

Section: Related Workmentioning

confidence: 99%

Reviewing various feature selection techniques in machine learning‐based botnet detection

Baruah,

Borah,

Deka

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryMachine learning approaches are widely used for the detection and classification of emerging botnet variations due to their ability to yield more precise results compared to traditional methods. The relevancy of the features plays a major role in these detection algorithms' effectiveness. As such, the most distinctive characteristics must be extracted from a high‐dimensional dataset that is used to classify botnets. Nevertheless, we discovered that the majority of earlier studies lacked proper analysis and paid little attention to the various feature selection techniques. The main goal of this work is to investigate and assess the advantages and disadvantages of the different feature selection techniques used for botnet detection. Studies show that feature selection is a very efficient way to decrease the amount of storage and processing power required while simultaneously increasing classification accuracy. As a consequence, its application in many other fields has grown. The field of feature selection is recognized for its non‐deterministic polynomial‐time hardness; to mitigate this hardness, metaheuristic techniques have been applied. Metaheuristic algorithms are exceptionally good at performing a global search. In order to choose feature subsets optimally in the field of botnet detection, we additionally prioritize the use of metaheuristic methods. This study offers a more thorough insight of the feature selection strategies that are primarily employed by machine learning‐based botnet detection models. It also offers insights into how better feature selection approaches might be applied to strengthen botnet detection mechanisms. Additionally, it will help in understanding the limitations of existing approaches and identifying areas for improvement.

show abstract

Section: Related Workmentioning

confidence: 99%

Reviewing various feature selection techniques in machine learning‐based botnet detection

Baruah,

Borah,

Deka

2024

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Because legitimate P2P peer connection time is usually short and pull-style communication is uncommon, botnet-behaviour can be detected by those two factors. Likewise, Reference [181] also approaches the detection of P2P botnets by the P2P search frequency. The detection mechanism specified in the paper also considers the number of P2P peers, the argument being that P2P botnets have a larger number of peer connections compared to normal P2P traffic.…”

Section: Botnet Application Sandboxingmentioning

confidence: 99%

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Stege

El-Habr

et al. 2021

Future Internet

View full text Add to dashboard Cite

Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.

show abstract

“…The authors in [21] proposed a detection model, named detection by mining regional periodicity (DMRP), based on capturing the event time series, mining the hidden periodicity of host behaviors, and evaluating the mined periodic patterns to identify P2P bot traffic. The authors of [18] proposed a three-layer filtering botnet detection system, which is responsible for packet filtering, P2P application packet filtering, and P2P botnet detection, respectively. High accuracy with low false alarm rate have been reported by using such periodicity based methods, although the behavior characteristics considered for the botnet is too simplistic as compared to real-life botnets.…”

Section: Introductionmentioning

confidence: 99%

Unsupervised detection of botnet activities using frequent pattern tree mining

Hao

Liu

Baldi

et al. 2021

Complex Intell. Syst.

View full text Add to dashboard Cite

A botnet is a network of remotely-controlled infected computers that can send spam, spread viruses, or stage denial-of-service attacks, without the consent of the computer owners. Since the beginning of the 21st century, botnet activities have steadily increased, becoming one of the major concerns for Internet security. In fact, botnet activities are becoming more and more difficult to be detected, because they make use of Peer-to-Peer protocols (eMule, Torrent, Frostwire, Vuze, Skype and many others). To improve the detectability of botnet activities, this paper introduces the idea of association analysis in the field of data mining, and proposes a system to detect botnets based on the FP-growth (Frequent Pattern Tree) frequent item mining algorithm. The detection system is composed of three parts: packet collection processing, rule mining, and statistical analysis of rules. Its characteristic feature is the rule-based classification of different botnet behaviors in a fast and unsupervised fashion. The effectiveness of the approach is validated in a scenario with 11 Peer-to-Peer host PCs, 42063 Non-Peer-to-Peer host PCs, and 17 host PCs with three different botnet activities (Storm, Waledac and Zeus). The recognition accuracy of the proposed architecture is shown to be above 94%. The proposed method is shown to improve the results reported in literature.

show abstract

A Novel Botnet Detection System for P2P Networks

Cited by 3 publications

References 16 publications

Reviewing various feature selection techniques in machine learning‐based botnet detection

Reviewing various feature selection techniques in machine learning‐based botnet detection

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Unsupervised detection of botnet activities using frequent pattern tree mining

Contact Info

Product

Resources

About