Comparison and Analysis of P2P Botnet Detection Schemes

  • Cho, Kyungsan (Dept. of Software Science, Dankook University) ;
  • Ye, Wujian (School of Information Engineering, GuangDong University of Technology)
  • Received : 2017.03.03
  • Accepted : 2017.03.21
  • Published : 2017.03.31

Abstract

In this paper, we propose a four-phase life cycle of P2P botnets, with corresponding detection methods for each phase, and a future direction for more effective P2P botnet detection. Our proposals are based on an intensive analysis that compares existing P2P botnet detection schemes from several points of view: the life cycle of a P2P botnet, the machine learning methods used by data-mining-based detection, the composition of the data sets, and the performance metrics. Our proposed life cycle model, composed of linearly sequenced stages, suggests utilizing features of the vulnerable phase rather than of the entire life cycle. In addition, we suggest a hybrid detection scheme that combines a data-mining-based method with our proposed life cycle, and we present an improved composition of experimental data sets derived from analysing the limitations of previous works.

  24. Y Li, Y H, and Z Liang, "A P2P-Bonet Detection Model and Algorithms Based on Network Streams Analysis", International Conference on Future Information Technology and Management Engineering, Vol.1, pp. 55-58, Changzhou, China, Oct. 2010.
  25. Y. Fan and N. Xu, "A P2P Botnet Detection Method Used On-line Monitoring and Off-line Detection," Int. Journal of Security and Its Applications, Vol.8, No. 3, pp.87-96, May 2014. https://doi.org/10.14257/ijsia.2014.8.3.10
  26. C. Sheng, H. Liang and L. Bo, "The P2P Botnet Online Detect Approach Research," Acta Electronica Sinica, Vol.39, No.4, pp. 906-912, Apr. 2011.
  27. P. Barthakur, M. Dahal and M. GHose, "An Efficient Machine Learning Based Classification Scheme for Detecting Distributed Command & Control Traffic of P2P Botnets", International Journal of Modern Education and Computer Science, Vol. 5, No. 10, PP. 9-18, Oct. 2013. https://doi.org/10.5815/ijmecs.2013.10.02
  28. P. Bharathula and N. Menon, "Equitable Machine Learning Algorithms to Probe Over P2P Botnets," Procs. of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications(FICTA), pp.13-21, Durgapur, India, Nov. 2015.
  29. L H Liao and C. Chang, "Peer to Peer Botnet Detection Using Data Mining Scheme," Procs. of International Conference on Internet Technology and Applications. IEEE, pp. 1-4, Wuhan, China, Aug. 2010.
  30. S. Garg, et al., "Behaviour analysis of machine learning algorithms for detecting P2P botnets," Procs. of IEEE 15th International Conference on Advanced Computing Technologies (ICACT): pp. 1-4, Rajampet, India, Sep. 2013.
  31. D. Zhao, et al., "Peer to Peer Botnet Detection Based on Flow Intervals," Information Security and Privacy Research-27th IFIP TC 11 Information Security and Privacy Conference, pp.87-102, Jun. 2012.
  32. P. Wang, et al., "A Systematic Study on Peer-to-Peer Botnets, " International Conference on Computer Communications and Networks, IEEE ICCCN 2009, pp.1-8, August 2009,
  33. H. Jiang and X. Shao, "Detecting P2P botnets by discovering flow dependency in C&C traffic." Peer-to-Peer Networking and Applications, pp.320-331, Dec. 2014.
  34. W. Ye and K. Cho, "P2P Traffic classification using Advanced heuristic Rules and Analysis of Decision Tree Algorithms," Journal of the Korea Society of Computer and Information, Vol. 19, No. 3, pp.45-54, Mar. 2014. https://doi.org/10.9708/JKSCI.2014.19.3.045
  35. G. Gu, et al.,"BotMiner:clustering analysis of network traffic for protocol and structure independent botnet detection," SS'08 Procs of the 17th conference on Security Symposium, pp. 139-154, San Jose, USA, Aug. 2008.
  36. M. Yahyazadeh and M. Abadi, "BotOnus: An online unsupervised method for botnet detection," The ISC Int'l Journal of Information Security, Vol.4, No.1, pp. 51-62, Mar. 2012.
  37. J. Kang and J Y Zhang, "Application Entropy Theory to Detect New Peer-to-Peer Botnet with Multi-chart CUSUM," Procs. of 2009 Second International Symposium on Electronic Commerce and Security, pp.471-475, Nanchang City, China, May 2009.
  38. B. Wang, Z. Li, H. Tu and J. Ma, "Measuring Peer-to-Peer botnets using control flow stability," Procs. of IEEE International Conference on Availability, Reliability and Security ARES'09, pp. 663-669. Fukuoka, Japan, Mar. 2009.
  39. S. K. Noh, et al.,"Detecting P2P Botnets Using a Multi-phased Flow Model," Procs. of Third International Conference on Digital Society. IEEE Computer Society, pp. 247-253, Cancun, Mexico, Feb. 2009.
  40. Y. Zeng and K. G. Shin, "On detection of storm botnets. Real-Time Computing Laboratory," Technical report CSE-TR-560-09, The University of Michigan, pp. 1-7, Dec. 2009.
  41. B. Rahbarinia, R. Perdisci, A. Lanzi and K. Li, "PeerRush: Mining for unwanted p2p traffic," DIMVA 2013-Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science, Vol. 7967. pp. 62-82, JUL. 2013.
  42. S. Garg, S. K. Peddoju and A. K. Sarje, "Scalable P2P bot detection system based on network data stream," Peer-to-Peer Networking and Applications, Vol.9, No6, pp. 1162-1176, Nov. 2016. https://doi.org/10.1007/s12083-015-0403-6
  43. E-S. Hong and M-K. Park, "Severity-based Software Quality Prediction using Class Imbalanced Data," Journal of the Korea Society of Computer and Information, Vol. 21, N0. 4, pp.73-80, Apr. 2016. https://doi.org/10.9708/JKSCI.2016.21.4.073