Analysis and detection of P2P botnet connections based on node behaviour

M.R. Rostami, B. Shanmugam, N.B. Idris

Research output: Chapter in Book/Report/Conference proceeding; Conference Paper published in Proceedings; Research; peer-review

Abstract

The fast development of computers and especially the Internet has caused many issues for its users as well as benefits. Nowadays, cyber criminals are utilizing Botnets to reach their goals. They have noticed that a centralized structure is detected quickly. Hence Peer to Peer Botnets are the most recent kind of Botnets, and they apply encryption as well as rootkit capabilities to avoid being detected. In addition, they mimic the performance of P2P software such as BitTorrent to make it hard to distinguish healthy packets from malicious packets in a large dataset. The proposed method is based on the correlation of the Process Name with the Ports as well as the Network Traffic. In existing Operating Systems, every process is assigned a number that is called a Port. By using this unique port and the process name, our experimental results show an acceptable rate of detection.
Original language: English
Title of host publication: Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 928-933
Number of pages: 6
ISBN (Print): 978-146730125-1
DOIs: https://doi.org/10.1109/WICT.2011.6141372
Publication status: Published - 2011
Externally published: Yes
Event: 2011 World Congress on Information and Communication Technologies - Mumbai, India
Duration: 11 Dec 2011 to 14 Dec 2011

Conference

Conference: 2011 World Congress on Information and Communication Technologies
Abbreviated title: WICT 2011
Period: 11/12/11 to 14/12/11

Fingerprint

Cryptography
Internet
Botnet
Malware

Cite this

Rostami, M. R., Shanmugam, B., & Idris, N. B. (2011). Analysis and detection of P2P botnet connections based on node behaviour. In Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011 (pp. 928-933). [6141372] IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/WICT.2011.6141372
@inproceedings{05030cb0b771413285b1d77b7c01a731,
title = "Analysis and detection of P2P botnet connections based on node behaviour",
keywords = "botnet, node behaviour, peer to peer (P2P), port numbers, process identification, Peer to peer, Port numbers, Process identification, Information technology, Distributed computer systems",
author = "M.R. Rostami and B. Shanmugam and N.B. Idris",
year = "2011",
doi = "10.1109/WICT.2011.6141372",
language = "English",
isbn = "978-146730125-1",
pages = "928--933",
booktitle = "Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
address = "United States",

}
