Resource monitoring for the detection of parasite P2P botnets |
| |
| Affiliation: | 1. Department of Signal Theory, Telematics and Communications, Universidad de Granada, ETSIIT-CITIC, C/Periodista Daniel Saucedo Aranda, S/N, Granada 18071, Spain;2. Department of Computer Science, Universidad Carlos III de Madrid, Avda. Universidad 30, 28911 Leganés, Madrid, Spain;3. Mante Multidisciplinary Academic Unit, Universidad Autonoma de Tamaulipas, Blvd. Enrique Cardenas Gonzalez, 1201, 89800 Tamaulipas, Mexico |
| |
| Abstract: | Detecting botnet behaviors in networks is a popular topic in the current research literature. The problem of detection of P2P botnets has been denounced as one of the most difficult ones, and this is even sounder when botnets use existing P2P networks infrastructure (parasite P2P botnets). The majority of the detection proposals available at present are based on monitoring network traffic to determine the potential existence of command-and-control communications (C&C) between the bots and the botmaster. As a different and novel approach, this paper introduces a detection scheme which is based on modeling the evolution of the number of peers sharing a resource in a P2P network over time. This allows to detect abnormal behaviors associated to parasite P2P botnet resources in this kind of environments. We perform extensive experiments on Mainline network, from which promising detection results are obtained while patterns of parasite botnets are tentatively discovered. |
| |
| Keywords: | Parasite botnet Detection system Peer-to-peer Mainline |
| 本文献已被 ScienceDirect 等数据库收录! |
|
