Name
Title | ||
|---|---|---|
Detecting parasite p2p botnet in eMule-like networks through quasi-periodicity recognition |
Abstract | ||
|---|---|---|
It's increasingly difficult to detect botnets since the introduction of P2P communication. The flow characteristics and behaviors can be easily hidden if an attacker exploits the common P2P applications' protocol to build the network and communicate. In this paper, we analyze two potential command and control mechanisms for Parasite P2P Botnet, we then identify the quasi periodical pattern of the request packets caused by Parasite P2P Botnet sending requests to search for the Botmaster's commands in PULL mode. Considering our observation, a Parasite P2P Botnet detection framework and a mathematical model are proposed, and two algorithms named Passive Match Algorithm and Active Search Algorithm are developed. Our experimental results are inspiring and suggest that our approach is capable of detecting the P2P botnet leeching in eMule-like networks. |
Year | DOI | Venue |
|---|---|---|
2011 | 10.1007/978-3-642-31912-9_9 | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
Keywords | Field | DocType |
emule-like network,p2p communication,detecting parasite,active search algorithm,parasite p2p botnet detection,control mechanism,p2p application,quasi-periodicity recognition,passive match algorithm,p2p botnet,pull mode,parasite p2p botnet | Search algorithm,Command and control,Computer science,Botnet,Computer security,Network packet,Computer network,Theoretical computer science,Exploit | Conference |
Volume | Issue | ISSN |
7259 LNCS | null | 16113349 |
Citations | PageRank | References |
2 | 0.36 | 17 |
Authors | ||
5 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Yong Qiao | 1 | 2 | 0.36 |
| Yuexiang Yang | 2 | 55 | 12.66 |
| Jie He | 3 | 19 | 7.35 |
| Bo Liu | 4 | 63 | 12.54 |
| Yingzhi Zeng | 5 | 22 | 5.59 |