Enhanced PeerHunter: Detecting Peer-to-Peer Botnets Through Network-Flow Level Community Behavior Analysis

Zhuang, Di; Chang, J. Morris

doi:10.1109/tifs.2018.2881657

Cited by 38 publications

(13 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…None formally disclosed, architecture discussed instead. [72][73][74][75][76][77] Other botnets use obfuscation tactics to hide the true identity/position of the C&C's location, showcasing a trend of botnets growing more versatile and elusive to researchers.…”

Section: Associated Area Of Interest Vector Of Attack Year Papersmentioning

confidence: 99%

“…This type of hardened P2P-based botnet is also explored and explained in detail in Andriesse et al [75]. In order to counteract this phenomenon in botnet evolution, entirely new approaches much be made, such as [76], which proposes a different take on detection of P2P botnets, based on its behaviour. Some papers, such as [77], have attempted to model the resilience of P2P botnets to help researchers identify weaknesses and potential mitigation against P2P botnets.…”

Section: P2p-based Botnets and Their Intricaciesmentioning

confidence: 99%

“…The number of mutually connected nodes indicates the number of potential botnet communities and is used to identify candidates for botnet detection [179]. Reference [76] further builds on top of PeerHunter to identify whether the previously identified communities are part of a botnet or not. The detection mechanism for the communities use a network flow analysis method to detect botnets, with the primary factors being the ratio of egress/ingress packets, mutual contacts ratio and destination diversity ratio.…”

Section: Botnet Application Sandboxingmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Stege

El-Habr

et al. 2021

Future Internet

View full text Add to dashboard Cite

Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.

show abstract

Section: Associated Area Of Interest Vector Of Attack Year Papersmentioning

confidence: 99%

Section: P2p-based Botnets and Their Intricaciesmentioning

confidence: 99%

Section: Botnet Application Sandboxingmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Stege

El-Habr

et al. 2021

Future Internet

View full text Add to dashboard Cite

show abstract

“…Fortunately, IRCbased botnets can be easily defeated by shutting down and restarting the IRC server. However, attackers have found new protocols through which delivering the botnet activities, so that botnets based on HTTP protocol and P2P (Peer-to-Peer) protocol have appeared [24,32]. The latter have the most dangerous characteristics in terms of decentralization and strong resilience, since P2P-based botnets cannot be easily shut down like IRC-based botnets and its activities are more difficult to detect [26,27].…”

Section: Introductionmentioning

confidence: 99%

“…In view of this observation, methods in [7,13,31,32] are all based on botnet behavior, i.e. they classified botnet behavior based on time intervals without having seen a complete network flow.…”

Section: Introductionmentioning

confidence: 99%

Unsupervised detection of botnet activities using frequent pattern tree mining

Hao

Liu

Baldi

et al. 2021

Complex Intell. Syst.

View full text Add to dashboard Cite

A botnet is a network of remotely-controlled infected computers that can send spam, spread viruses, or stage denial-of-service attacks, without the consent of the computer owners. Since the beginning of the 21st century, botnet activities have steadily increased, becoming one of the major concerns for Internet security. In fact, botnet activities are becoming more and more difficult to be detected, because they make use of Peer-to-Peer protocols (eMule, Torrent, Frostwire, Vuze, Skype and many others). To improve the detectability of botnet activities, this paper introduces the idea of association analysis in the field of data mining, and proposes a system to detect botnets based on the FP-growth (Frequent Pattern Tree) frequent item mining algorithm. The detection system is composed of three parts: packet collection processing, rule mining, and statistical analysis of rules. Its characteristic feature is the rule-based classification of different botnet behaviors in a fast and unsupervised fashion. The effectiveness of the approach is validated in a scenario with 11 Peer-to-Peer host PCs, 42063 Non-Peer-to-Peer host PCs, and 17 host PCs with three different botnet activities (Storm, Waledac and Zeus). The recognition accuracy of the proposed architecture is shown to be above 94%. The proposed method is shown to improve the results reported in literature.

show abstract

Intelligent botnet detection in IoT networks using parallel CNN‐LSTM fusion

Jiang,

Weng,

Shi

et al. 2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryWith the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experimental demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing start‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.

show abstract

Enhanced PeerHunter: Detecting Peer-to-Peer Botnets Through Network-Flow Level Community Behavior Analysis

Cited by 38 publications

References 27 publications

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Unsupervised detection of botnet activities using frequent pattern tree mining

Intelligent botnet detection in IoT networks using parallel CNN‐LSTM fusion

Contact Info

Product

Resources

About