A security monitoring method for malicious P2P event detection
- 418 Downloads
Recently malicious code is spreading rapidly due to the use of P2P(peer to peer) file sharing. The malicious code distributed mostly transformed the infected PC as a botnet for various attacks by attackers. This can take important information from the computer and cause a large-scale DDos attack. Therefore it is extremely important to detect and block the malicious code in early stage. However a centralized security monitoring system widely used today cannot detect a sharing file on a P2P network. In this paper, to compensate the defect, P2P file sharing events are obtained and the behavior is analyzed. Based on the analysis a malicious file detecting system is proposed and synchronized with a security monitoring system on a virtual machine. In application result, it has been detected such as botnet malware using P2P. It is improved by 12 % performance than existing security monitoring system. The proposed system can detect suspicious P2P sharing files that were not possible by an existing system. The characteristics can be applied for security monitoring to block and respond to the distribution of malicious code through P2P.
KeywordsSecurity monitoring system Virtual machine Malicious sharing file Behavior analysis P2P
This research was supported by Building Security Service of Advanced KREONET Based funded by Korea Institute of Science and Technology Information.
- 1.Lee H-G (2012) “An effective security monitoring system based on correlation analysis of multiple security events,” Doctorate thesis, Dept. of Information Security Engineering, Chonbuk national UniversityGoogle Scholar
- 2.Buford (2008) “P2P Networking and Applications,” ElsevierGoogle Scholar
- 3.Tech Report (2014) “BitTorrent Analysis,” AhnLabGoogle Scholar
- 7.Seon Dong Heo (2011) “HTTP-based Bot detection based on traffic analysis,” Master’s Thesis, Dept. of Computer Science, KAISTGoogle Scholar
- 9.Bonghan K (2009) The structure of a P2P application for file sharing and the security threat. Korea Contents Assoc 7(1):20–27Google Scholar
- 10.Karagiannis T, Broido A, Faloutsos M, Kc claffy (2004) “Transport layer identification of P2P traffic,” IMC ‘04 Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp 121–134.Google Scholar
- 11.Tech Report (2014) “Science and technology cyber threats report,” Science and Technology Security CenterGoogle Scholar
- 12.Spitzner L (2002) Honeypots, “Tracking Hackers,”. Addison-Wesley Longman Publishing Co., Inc, BostonGoogle Scholar
- 13.Bächer P, Holz T, Kötter M, Wicherski G (2005) “Know your enemy: tracking botnets,” The honeynet project and research allianceGoogle Scholar