Abstract
Recently malicious code is spreading rapidly due to the use of P2P(peer to peer) file sharing. The malicious code distributed mostly transformed the infected PC as a botnet for various attacks by attackers. This can take important information from the computer and cause a large-scale DDos attack. Therefore it is extremely important to detect and block the malicious code in early stage. However a centralized security monitoring system widely used today cannot detect a sharing file on a P2P network. In this paper, to compensate the defect, P2P file sharing events are obtained and the behavior is analyzed. Based on the analysis a malicious file detecting system is proposed and synchronized with a security monitoring system on a virtual machine. In application result, it has been detected such as botnet malware using P2P. It is improved by 12 % performance than existing security monitoring system. The proposed system can detect suspicious P2P sharing files that were not possible by an existing system. The characteristics can be applied for security monitoring to block and respond to the distribution of malicious code through P2P.
Similar content being viewed by others
References
Lee H-G (2012) “An effective security monitoring system based on correlation analysis of multiple security events,” Doctorate thesis, Dept. of Information Security Engineering, Chonbuk national University
Buford (2008) “P2P Networking and Applications,” Elsevier
Tech Report (2014) “BitTorrent Analysis,” AhnLab
Bickson D, Reinman T, Dolev D, Pinkas B (2010) Peer-to-peer secure multi-party numerical computation facing malicious adversaries. Peer-to-Peer Netw Appl 3(2):129–144
Selvaraj C, Anand S (2012) Peer profile based trust model for P2P systems using genetic algorithm. Peer-to-Peer Netw Appl 5(1):92–103
Sen S, Wang J (2004) Analyzing peer-to-peer traffic across large networks. IEEE/ACM Trans Netw 12(2):219–232
Seon Dong Heo (2011) “HTTP-based Bot detection based on traffic analysis,” Master’s Thesis, Dept. of Computer Science, KAIST
Lin S-C, Chen PS, Chang C-C (2014) A novel method of mining network flow to detect P2P botnets. Peer-to-Peer Netw Appl 7(4):645–654
Bonghan K (2009) The structure of a P2P application for file sharing and the security threat. Korea Contents Assoc 7(1):20–27
Karagiannis T, Broido A, Faloutsos M, Kc claffy (2004) “Transport layer identification of P2P traffic,” IMC ‘04 Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp 121–134.
Tech Report (2014) “Science and technology cyber threats report,” Science and Technology Security Center
Spitzner L (2002) Honeypots, “Tracking Hackers,”. Addison-Wesley Longman Publishing Co., Inc, Boston
Bächer P, Holz T, Kötter M, Wicherski G (2005) “Know your enemy: tracking botnets,” The honeynet project and research alliance
Acknowledgments
This research was supported by Building Security Service of Advanced KREONET Based funded by Korea Institute of Science and Technology Information.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jung, H.M., Hwang, IS., Moon, JK. et al. A security monitoring method for malicious P2P event detection. Peer-to-Peer Netw. Appl. 9, 498–507 (2016). https://doi.org/10.1007/s12083-015-0369-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-015-0369-4