Referenced Items are not available for this document.
In this paper, we propose a useful method for modeling multi-phased flows of P2P botnet traffic. Botnets are becoming more sophisticated and more dangerous each day and attackers use the P2P protocol to avoid centralized botnet topologies. We focus on the feature that a peer bot generates multiple traffic to communicate with large number of remote peers. In this case, phased botnet flows have similar patterns, which occur at irregular intervals. We compress duplicated flows via flow grouping and construct a transition model of the clustered flows using a probability-based matrix. A flow state is decided by features consisting of; protocol, port, and traffic. Our model involves transition information about the state values. Finally, we use the likelihood ratio for detection. In the experimental evaluation, we show the efficiency of our proposed system with the SpamThru, Storm, and Nugache botnets.
Published in:
Digital Society, 2009. ICDS '09. Third International Conference on
Date of Conference: 1-7 Feb. 2009
- Page(s):
- 247 - 253
- E-ISBN :
- 978-0-7695-3526-5
- Print ISBN:
- 978-1-4244-3550-6
- INSPEC Accession Number:
- 10478937
- Conference Location :
- Cancun
- Digital Object Identifier :
- 10.1109/ICDS.2009.37
- Product Type:
- Conference Publications
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
