Analysis and detection of P2P botnet connections based on node behaviour

M.R. Rostami; B. Shanmugam; N.B. Idris

doi:10.1109/WICT.2011.6141372

Analysis and detection of P2P botnet connections based on node behaviour

M.R. Rostami, B. Shanmugam, N.B. Idris

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › peer-review

Abstract

Fast development of computer and especially Internet caused many issues for its users as well as its benefits. Nowadays, cyber criminals are utilizing Botnets to reach their goals. They have noticed that centralized structure is detected quickly. Hence the Peer to Peer Botnets are the most recent kind of Botnets that, they are applying encryption as well as rootkit capabilities to not being detected. In addition they mimic the performance of P2P software such as BitTorrent to make hard distinguishing the healthy packet from malicious packet in a large dataset. The proposed method is based on the correlation of Process Name besides the Ports as well as the Network Traffic. In the existing Operating Systems, every process is assigned a number that is called Port. By using this unique port and the process name, our experimental results show an acceptable rate of detection.

Original language	English
Title of host publication	Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	928-933
Number of pages	6
ISBN (Print)	978-146730125-1
DOIs	https://doi.org/10.1109/WICT.2011.6141372
Publication status	Published - 2011
Externally published	Yes
Event	2011 World Congress on Information and Communication Technologies - Mumbai; India Duration: 11 Dec 2011 → 14 Dec 2011

Conference

Conference	2011 World Congress on Information and Communication Technologies
Abbreviated title	WICT 2011
Period	11/12/11 → 14/12/11

Access to Document

10.1109/WICT.2011.6141372

Cite this

@inproceedings{05030cb0b771413285b1d77b7c01a731,

title = "Analysis and detection of P2P botnet connections based on node behaviour",

abstract = "Fast development of computer and especially Internet caused many issues for its users as well as its benefits. Nowadays, cyber criminals are utilizing Botnets to reach their goals. They have noticed that centralized structure is detected quickly. Hence the Peer to Peer Botnets are the most recent kind of Botnets that, they are applying encryption as well as rootkit capabilities to not being detected. In addition they mimic the performance of P2P software such as BitTorrent to make hard distinguishing the healthy packet from malicious packet in a large dataset. The proposed method is based on the correlation of Process Name besides the Ports as well as the Network Traffic. In the existing Operating Systems, every process is assigned a number that is called Port. By using this unique port and the process name, our experimental results show an acceptable rate of detection. ",

keywords = "botnet, node behaviour, peer to peer (P2P), port numbers, process identification, Peer to peer, Port numbers, Process identification, Information technology, Distributed computer systems",

author = "M.R. Rostami and B. Shanmugam and N.B. Idris",

year = "2011",

doi = "10.1109/WICT.2011.6141372",

language = "English",

isbn = "978-146730125-1",

pages = "928--933",

booktitle = "Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States",

note = "2011 World Congress on Information and Communication Technologies, WICT 2011 ; Conference date: 11-12-2011 Through 14-12-2011",

}

Rostami, MR, Shanmugam, B & Idris, NB 2011, Analysis and detection of P2P botnet connections based on node behaviour. in Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011., 6141372, IEEE, Institute of Electrical and Electronics Engineers, pp. 928-933, 2011 World Congress on Information and Communication Technologies, 11/12/11. https://doi.org/10.1109/WICT.2011.6141372

Analysis and detection of P2P botnet connections based on node behaviour. / Rostami, M.R.; Shanmugam, B.; Idris, N.B.

Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011. IEEE, Institute of Electrical and Electronics Engineers, 2011. p. 928-933 6141372.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › peer-review

TY - GEN

T1 - Analysis and detection of P2P botnet connections based on node behaviour

AU - Rostami, M.R.

AU - Shanmugam, B.

AU - Idris, N.B.

PY - 2011

Y1 - 2011

N2 - Fast development of computer and especially Internet caused many issues for its users as well as its benefits. Nowadays, cyber criminals are utilizing Botnets to reach their goals. They have noticed that centralized structure is detected quickly. Hence the Peer to Peer Botnets are the most recent kind of Botnets that, they are applying encryption as well as rootkit capabilities to not being detected. In addition they mimic the performance of P2P software such as BitTorrent to make hard distinguishing the healthy packet from malicious packet in a large dataset. The proposed method is based on the correlation of Process Name besides the Ports as well as the Network Traffic. In the existing Operating Systems, every process is assigned a number that is called Port. By using this unique port and the process name, our experimental results show an acceptable rate of detection.

AB - Fast development of computer and especially Internet caused many issues for its users as well as its benefits. Nowadays, cyber criminals are utilizing Botnets to reach their goals. They have noticed that centralized structure is detected quickly. Hence the Peer to Peer Botnets are the most recent kind of Botnets that, they are applying encryption as well as rootkit capabilities to not being detected. In addition they mimic the performance of P2P software such as BitTorrent to make hard distinguishing the healthy packet from malicious packet in a large dataset. The proposed method is based on the correlation of Process Name besides the Ports as well as the Network Traffic. In the existing Operating Systems, every process is assigned a number that is called Port. By using this unique port and the process name, our experimental results show an acceptable rate of detection.

KW - botnet

KW - node behaviour

KW - peer to peer (P2P)

KW - port numbers

KW - process identification

KW - Peer to peer

KW - Port numbers

KW - Process identification

KW - Information technology

KW - Distributed computer systems

UR - https://www.scopus.com/record/display.uri?eid=2-s2.0-84857143452&doi=10.1109%2fWICT.2011.6141372&origin=inward&txGid=0301d8f6b86509db88c5f50653b90f5a

U2 - 10.1109/WICT.2011.6141372

DO - 10.1109/WICT.2011.6141372

M3 - Conference Paper published in Proceedings

SN - 978-146730125-1

SP - 928

EP - 933

BT - Proceedings of the 2011 World Congress on Information and Communication Technologies, WICT 2011

PB - IEEE, Institute of Electrical and Electronics Engineers

T2 - 2011 World Congress on Information and Communication Technologies

Y2 - 11 December 2011 through 14 December 2011

ER -

Analysis and detection of P2P botnet connections based on node behaviour

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this