标题:Identifying Peer-to-Peer Botnets Through Periodicity Behavior Analysis
作者:Wang, Pengfei ;Wang, Fengyu ;Lin, Fengbo ;Cao, Zhenzhong
作者机构:[Wang, Pengfei ;Wang, Fengyu ;Lin, Fengbo ] School of Computer Science and Technology, Shandong University, Jinan, China;[Cao, Zhenzhong ] School of C 更多
会议名称:17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
会议日期:31 July 2018 through 3 August 2018
来源:Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
出版年:2018
页码:283-288
DOI:10.1109/TrustCom/BigDataSE.2018.00051
关键词:botnet detection; P2P botnet; periodicity behavior; Spark
摘要:Peer-to-Peer botnets have become one of the significant threat against network security due to their distributed properties. The decentralized nature makes their detection challenging. It is important to take measures to detect bots as soon as possible to minimize their harm. In this paper, we propose PeerGrep, a novel system capable of identifying P2P bots. PeerGrep starts from identifying hosts that are likely engaged in P2P communications, and then distinguishes P2P bots from P2P hosts by analyzing their active ratio, packet size and the periodicity of connection to destination IP addresses. The evaluation shows that PeerGrep can identify all P2P bots with quite low FPR even if the malicious P2P application and benign P2P application coexist within the same host or there is only one bot in the monitored network. © 2018 IEEE.
收录类别:EI;SCOPUS
资源类型:会议论文;期刊论文
原文链接:https://www.scopus.com/inward/record.uri?eid=2-s2.0-85054095493&doi=10.1109%2fTrustCom%2fBigDataSE.2018.00051&partnerID=40&md5=3f2bd82a0cecf63ab20c4ebf2a2a9eee
TOP