PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations

Narang, Pratik; Ray, Subhajit; Hota, Chittaranjan; Venkatakrishnan, V.

doi:10.1109/spw.2014.25

Cited by 45 publications

(44 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some security researchers believe that the statistical behavior of P2P botnets is better extracted using 2‐tuple conversation instead of 5‐tuple flow . Peershark is a conversation‐based statistical P2P botnet detection approach which not only can recognize P2P botnet traffic from legitimate P2P traffic but also can correctly classify the P2P application running on a host. A set of four features is introduced in this work to characterize the conversations.…”

Section: A Taxonomy Of P2p Botnet Detection Footprintsmentioning

confidence: 99%

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

Daneshgar

Abbaspour

2019

Int J Communication

View full text Add to dashboard Cite

Summary Botnet is a distributed platform for illegal activities severely threaten the security of the Internet. Fortunately, although their complicated nature, bots leave some footprints during the C&C communication that have been utilized by security researchers to design detection mechanisms. Nevertheless, botnet designers are always trying to evade detection systems by leveraging the legitimate P2P protocol as C&C channel or even mimicking legitimate peer‐to‐peer (P2P) behavior. Consequently, detecting P2P botnet in the presence of normal P2P traffic is one of the most challenging issues in network security. However, the resilience of P2P botnet detection systems in the presence of normal P2P traffic is not investigated in most proposed schemes. In this paper, we focused on the footprint as the most essential part of a detection system and presented a taxonomy of footprints utilized in behavioral P2P botnet detection systems. Then, the resilience of mentioned footprints is analyzed using three evaluation scenarios. Our experimental and analytical investigations indicated that the most P2P botnet footprints are not resilient to the presence of legitimate P2P traffic and there is a pressing need to introduce more resilient footprints.

show abstract

Section: A Taxonomy Of P2p Botnet Detection Footprintsmentioning

confidence: 99%

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

Daneshgar

Abbaspour

2019

Int J Communication

View full text Add to dashboard Cite

show abstract

“…We adopt some features for P2P application traffic categorization and botnet detection used in [5,8,9,26]. We list our feature set as follows: We compare the detection performance of our feature set with the works by Rahbarinia et al [5] and Narang et al [26].…”

Section: Feature Selectionmentioning

confidence: 99%

“…Narang et al [8] used a 2-tuple conversation approach for P2P botnet detection and relied only on the information obtained from the TCP/UDP/IP headers. They also used machine learning algorithms to classify the traffic and obtained pretty good prediction rate.…”

Section: Network-based and Flow-based Botnet Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting P2P Botnet in Software Defined Networks

Chen

Tsai

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Software Defined Network separates the control plane from network equipment and has great advantage in network management as compared with traditional approaches. With this paradigm, the security issues persist to exist and could become even worse because of the flexibility on handling the packets. In this paper we propose an effective framework by integrating SDN and machine learning to detect and categorize P2P network traffics. This work provides experimental evidence showing that our approach can automatically analyze network traffic and flexibly change flow entries in OpenFlow switches through the SDN controller. This can effectively help the network administrators manage related security problems.

show abstract

“…CluSiBotHealer uses packet and flow characteristics of P2P botnets and uses clustering unlike supervised methods used in [19]. In a recent work, conversation based P2P botnet detection "PeerShark" [20] has been proposed. PeerShark is a Port oblivious and Protocol oblivious technique that uses supervised learning algorithms.…”

Section: Related Workmentioning

confidence: 99%

CluSiBotHealer: Botnet Detection through Similarity Analysis of Clusters

Barthakur¹,

Dahal²,

Ghose³

2015

JACN

View full text Add to dashboard Cite

Abstract-Botnets are responsible for most of the security threats in the Internet. Botnet attacks often leverage on their coordinated structures among bots spread over a vast geographical area. In this paper, we propose CluSiBotHealer, a novel framework for detection of Peer-to-Peer (P2P) botnets through data mining technique. P2P botnets are more resilient structure of botnets (re)designed to overcome single point of failure of centralized botnets. Our proposed system is based on clustering of C&C flows within a monitored network for suspected bots. Leveraging on similarity of packet structures and flow structures of frequently exchanged C&C flows within a P2P botnet, our proposed system initially uses clustering of flows and then Jaccard similarity coefficient on sample sets derived from clusters for accurate detection of bots. Ours is a very effective and novel framework which can be used for proactive detection of P2P bots within a monitored network. We empirically validated our model on traces collected from three different P2P botnets namely Nugache, Waledac and P2P Zeus.

show abstract

PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations

Cited by 45 publications

References 20 publications

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic

Detecting P2P Botnet in Software Defined Networks

CluSiBotHealer: Botnet Detection through Similarity Analysis of Clusters

Contact Info

Product

Resources

About