P2P and P2P botnet traffic classification in two stages

Ye, Wujian; Cho, Kyungsan

doi:10.1007/s00500-015-1863-6

Cited by 20 publications

(9 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table 5 shows the summary regarding the approach used in the first and second step classification process along with the classification accuracy of various existing hybrid P2P traffic classification techniques. During the classification process, the techniques used in [5,[19][20][21]52,55], rely on the signature-based approach, which is computationally expensive [6,30,31] and has various other limitations as discussed in Section 2. In addition, the techniques in [19][20][21] do not classify the UDP traffic.…”

Section: Datasets Validation and Experimental Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Multi-Level P2P Traffic Classification Using Heuristic and Statistical-Based Techniques: A Hybrid Approach

et al. 2020

View full text Add to dashboard Cite

Peer-to-peer (P2P) applications have been popular among users for more than a decade. They consume a lot of network bandwidth, due to the fact that network administrators face several issues such as congestion, security, managing resources, etc. Hence, its accurate classification will allow them to maintain a Quality of Service for various applications. Conventional classification techniques, i.e., port-based and payload-based techniques alone, have proved ineffective in accurately classifying P2P traffic as they possess significant limitations. As new P2P applications keep emerging and existing applications change their communication patterns, a single classification approach may not be sufficient to classify P2P traffic with high accuracy. Therefore, a multi-level P2P traffic classification technique is proposed in this paper, which utilizes the benefits of both heuristic and statistical-based techniques. By analyzing the behavior of various P2P applications, some heuristic rules have been proposed to classify P2P traffic. The traffic which remains unclassified as P2P undergoes further analysis, where statistical-features of traffic are used with the C4.5 decision tree for P2P classification. The proposed technique classifies P2P traffic with high accuracy (i.e., 98.30%), works with both TCP and UDP traffic, and is not affected even if the traffic is encrypted.

show abstract

Section: Datasets Validation and Experimental Resultsmentioning

confidence: 99%

“…However, this technique also relies on the payload based approach, which has various limitations. Ye and Cho [19][20][21] proposed a hybrid technique to classify P2P traffic in two steps. The first step performs classification at the packet-level by combining signature-based and heuristic-based techniques.…”

Section: Related Workmentioning

confidence: 99%

Multi-Level P2P Traffic Classification Using Heuristic and Statistical-Based Techniques: A Hybrid Approach

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The proposed scheme showed low overhead & high scalability and was able to achieve the accuracy rates of 98.19 & 99.82 % in terms of flows and bytes. The authors in [97] used similar hybrid approach to classify and distinguish between P2P botnet traffic from P2P traffic. The botnet traffic of Storm, Waledac, Conficker, C&C and Zeus were mixed to create three datasets.…”

Section: Classification Of Traffic In the Darkmentioning

confidence: 99%

Identifying P2P traffic: A survey

Bhatia

Kumar

2016

Peer-to-Peer Netw. Appl.

View full text Add to dashboard Cite

Peer-to-Peer (P2P) traffic is widely used for the purpose of streaming media, file-sharing, instant messaging, games, software etc., which often involves copyrighted data. From the past decade, P2P traffic has been contributing to major portion of Internet traffic which is still rising and hence is consuming a lot of network traffic bandwidth. It also worsens congestion of network traffic significantly and degrades the performance of traditional client-server applications. Popularity of various P2P applications has led Internet Service Providers (ISPs) to face various challenges regarding efficiently and fairly utilizing network resources. The traditional methods of identifying P2P traffic such as port-based and payload-based are proving ineffective due to their significant limitations and can be bypassed. Hence, new approaches based on statistics or behaviour of network traffic needs to be developed and adopted in order to accurately identify existing and new P2P traffic which emerge over the time. This article presents a survey regarding various strategies involved in identifying P2P traffic. Furthermore, conceptual analysis of network traffic measurement and monitoring is also presented.

show abstract

“…However, if there was only one zombie host in the current network, or if no traffic from different zombie hosts was found in the captured packets, this method was demonstrated inefficient by Zhang [17]. The three DT algorithms REPTree, Carriage, and C45 were analyzed in the study [23,24], where C45 with the lowest performance because its algorithm was easily under pruning, and the overfitting algorithm was more severe than REPTree. Encrypted P2P or unknown traffic could be classified by the statistics-based method, but it is not highly accurate, and could not identify untrained P2P traffic correctly [23].…”

Section: Related Workmentioning

confidence: 99%

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

et al. 2019

View full text Add to dashboard Cite

In recent years, the botnets have been the most common threats to network security since it exploits multiple malicious codes like a worm, Trojans, Rootkit, etc. The botnets have been used to carry phishing links, to perform attacks and provide malicious services on the internet. It is challenging to identify Peer-to-peer (P2P) botnets as compared to Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets because P2P traffic has typical features of the centralization and distribution. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method by applying machine learning classifiers on features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection to extract the most relevant features and ignore the irrelevant features. At the first layer, we filter non-P2P packets to reduce the amount of network traffic through well-known ports, Domain Name System (DNS). query, and flow counting. The second layer further characterized the captured network traffic into non-P2P and P2P. At the third layer of our model, we reduced the features which may marginally affect the classification. At the final layer, we successfully detected P2P botnets using decision tree Classifier by extracting network communication features. Furthermore, our experimental evaluations show the significance of the proposed method in P2P botnets detection and demonstrate an average accuracy of 98.7%.

show abstract

P2P and P2P botnet traffic classification in two stages

Cited by 20 publications

References 38 publications

Multi-Level P2P Traffic Classification Using Heuristic and Statistical-Based Techniques: A Hybrid Approach

Multi-Level P2P Traffic Classification Using Heuristic and Statistical-Based Techniques: A Hybrid Approach

Identifying P2P traffic: A survey

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

Contact Info

Product

Resources

About