Abstract
Botnets are becoming the biggest threat to the integrity of the Internet and its resources, and the advent of P2P botnets has made their detection and prevention very difficult. In this paper, we propose a set of metrics for efficient botnet detection. The proposed metrics capture the unique group behavior that is inherent in bot communications. Our premise for proposing group behavior metrics for botnet detection is that the group behavior observed in botnets is unique, and that this property is inherent in the botnet architecture. The proposed group behavior metrics are derived from three standard network traffic characteristics, namely topological properties, traffic pattern statistics, and protocol sequence and usage. We derive six group behavior metrics and illustrate the efficiency of botnet detection using them. We observe that group behavior metrics offer a promising solution for botnet detection.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Felix, J., Joseph, C., Ghorbani, A.A. (2012). Group Behavior Metrics for P2P Botnet Detection. In: Chim, T.W., Yuen, T.H. (eds) Information and Communications Security. ICICS 2012. Lecture Notes in Computer Science, vol 7618. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34129-8_9
DOI: https://doi.org/10.1007/978-3-642-34129-8_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34128-1
Online ISBN: 978-3-642-34129-8
eBook Packages: Computer Science, Computer Science (R0)