Abstract |
---|
The decentralized nature of Peer-to-Peer (P2P) botnets makes them difficult to detect. Their distributed nature also exhibits resilience against take-down attempts. Moreover, smarter bots are stealthy in their communication patterns, and elude the standard discovery techniques which look for anomalous network or communication behavior. In this paper, we propose PeerShark, a novel methodology to detect P2P botnet traffic and differentiate it from benign P2P traffic in a network. Instead of the traditional 5-tuple 'flow-based' detection approach, we use a 2-tuple 'conversation-based' approach which is port-oblivious, protocol-oblivious and does not require Deep Packet Inspection. PeerShark could also classify different P2P applications with an accuracy of more than 95%. |

Year | DOI | Venue |
---|---|---|
2014 | 10.1109/SPW.2014.25 | IEEE Symposium on Security and Privacy Workshops |

Keywords | Field | DocType |
---|---|---|
computer network security, invasive software, peer-to-peer computing, telecommunication traffic, 2-tuple conversation-based approach, P2P applications, P2P botnet traffic, PeerShark, anomalous network, communication behavior, communication patterns, conversations tracking, flow-based detection, peer-to-peer botnets detection, port-oblivious, protocol-oblivious, standard discovery techniques, botnet, machine learning, peer-to-peer | Psychological resilience, Deep packet inspection, Internet privacy, Peer-to-peer, Botnet, Computer science, Computer security, Computer network, Dead Peer Detection, Peer to peer computing, Feature extraction, The Internet | Conference |

Citations | PageRank | References |
---|---|---|
8 | 0.44 | 22 |

Authors |
---|
4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Pratik Narang | 1 | 60 | 11.31 |
Subhajit Ray | 2 | 8 | 0.44 |
Chittaranjan Hota | 3 | 129 | 16.89 |
Venkat Venkatakrishnan | 4 | 8 | 0.44 |