PeerRush: Mining for Unwanted P2P Traffic

Rahbarinia, Babak; Perdisci, Roberto; Lanzi, Andrea; Li, Kang

doi:10.1007/978-3-642-39235-1_4

Cited by 47 publications

(32 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We adopt the approach used in PeerRush [5] and collect network traffic samples generated by different P2P botnets and normal P2P applications from [5]. To train our classification models to find out network traffic of P2P botnet, we use network traffic trace files of Storm and Zeus Botnet as malicious training samples.…”

Section: Building Detection Model and Training Setmentioning

confidence: 99%

“…Botnets represent a collaborative and highly distributed platform that conduct a wide range of malicious and illegal activities, such as launching Distributed Denial of Service (DDoS) attacks, sending SPAM e-mails and click fraud, and collecting confidential information. In order to mitigate security threat posed by botnets, many detection methods have been proposed in the literature over the last decade [1][2][3][4][5][6]. These detection methods are based on numerous technical principles and assumptions that the botnets produce their own behaviors and the patterns of network traffic.…”

Section: Introductionmentioning

confidence: 99%

“…These detection methods are based on numerous technical principles and assumptions that the botnets produce their own behaviors and the patterns of network traffic. One of the most prominent botnet detection methods is based on identifying network traffic produced by botnets using machine learning techniques [5][6][7][8][9].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Detecting P2P Botnet in Software Defined Networks

Chen

Tsai

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Software Defined Network separates the control plane from network equipment and has great advantage in network management as compared with traditional approaches. With this paradigm, the security issues persist to exist and could become even worse because of the flexibility on handling the packets. In this paper we propose an effective framework by integrating SDN and machine learning to detect and categorize P2P network traffics. This work provides experimental evidence showing that our approach can automatically analyze network traffic and flexibly change flow entries in OpenFlow switches through the SDN controller. This can effectively help the network administrators manage related security problems.

show abstract

Section: Building Detection Model and Training Setmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting P2P Botnet in Software Defined Networks

Chen

Tsai

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The dataset of P2P botnet traffic is obtained from a third party (Rahbarinia et al, 2013). This dataset includes a five-hour trace of Waledac, which contains three bots; a 24-hour trace of Zeus, which contains one bot; and a 6.15-hour trace of Neris, which also contains one bot.…”

Section: Dataset Of P2p Botnet Trafficmentioning

confidence: 99%

A Novel Botnet Detection System for P2P Networks

Obeidat¹,

Al-Kofahi²,

Bawaneh³

et al. 2017

Journal of Computer Science

View full text Add to dashboard Cite

Botnets remain an active security problem on the Internet and various computer networks. They are continuously developing with regard to protocols, structure and quality of attacks. Many botnet detection programs are currently available, but only few can detect bots in real-time. The sooner bots are detected the lesser damage they can cause. In this paper, a novel botnet detection system, is proposed to detect peer-to-peer bots. The system consists of three-phases filtering, P2P detection and P2P botnet detection phases. For the third phase, P2P network behavior analysis is performed to detect P2P bots. Experimental results showed that the system exhibits high average true positive rate and extremely low average false positive rate during botnet detection.

show abstract

“…Similarly, Waledac and P2P Zeus traffic traces were obtained from Department of Computer Science, University of Georgia. These traces were also used in the botnet related research works of [23]. A botnet's packet sizes are usually smaller and are seldom to the size of MTU.…”

Section: B Data Overviewmentioning

confidence: 99%

CluSiBotHealer: Botnet Detection through Similarity Analysis of Clusters

Barthakur¹,

Dahal²,

Ghose³

2015

JACN

View full text Add to dashboard Cite

Abstract-Botnets are responsible for most of the security threats in the Internet. Botnet attacks often leverage on their coordinated structures among bots spread over a vast geographical area. In this paper, we propose CluSiBotHealer, a novel framework for detection of Peer-to-Peer (P2P) botnets through data mining technique. P2P botnets are more resilient structure of botnets (re)designed to overcome single point of failure of centralized botnets. Our proposed system is based on clustering of C&C flows within a monitored network for suspected bots. Leveraging on similarity of packet structures and flow structures of frequently exchanged C&C flows within a P2P botnet, our proposed system initially uses clustering of flows and then Jaccard similarity coefficient on sample sets derived from clusters for accurate detection of bots. Ours is a very effective and novel framework which can be used for proactive detection of P2P bots within a monitored network. We empirically validated our model on traces collected from three different P2P botnets namely Nugache, Waledac and P2P Zeus.

show abstract

PeerRush: Mining for Unwanted P2P Traffic

Cited by 47 publications

References 14 publications

Detecting P2P Botnet in Software Defined Networks

Detecting P2P Botnet in Software Defined Networks

A Novel Botnet Detection System for P2P Networks

CluSiBotHealer: Botnet Detection through Similarity Analysis of Clusters

Contact Info

Product

Resources

About