PeerClear: Peer-to-Peer Bot-net Detection

Conference paper. Published in: Cyber Security Cryptography and Machine Learning (CSCML 2019).

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11527)

Abstract

A bot-net is a network of infected hosts (bots) that operates under the control of a botmaster (bot herder), who issues commands to the bots through command and control (C&C) servers. Bot-net architectures have advanced over time to evade detection and disruption. Traditionally, bot-nets used a centralized client-server architecture, which had a single point of failure; with the advent of peer-to-peer technology, that single point of failure appears to have been removed. Taking advantage of the decentralized nature of the P2P architecture, botmasters started using P2P-based communication mechanisms. P2P bot-nets are highly resilient against detection and continue to operate even after some bots are identified or taken down. P2P bot-nets provide a central framework for a range of cyber-crimes, including DDoS (Distributed Denial of Service), email spam, phishing, password sniffing, and so on. In this paper, we propose PeerClear, an approach for identifying P2P bot-nets using network traffic analysis. PeerClear uses a two-step process for identifying P2P bots. In the first step, the hosts involved in P2P traffic are detected; in the second step, the detected hosts are analyzed further to identify bots. Our evaluation shows that PeerClear outperforms several recent approaches and achieves a high detection rate of 99.85%. We also implement multiple new approaches reported in the literature and test them on the same dataset to evaluate their relative performance.
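To make the two-step structure concrete, the following is an added example (not PeerClear's code and not the authors' feature set): stage 1 separates P2P hosts from ordinary clients by how many distinct peers and /16 networks they talk to, and stage 2 flags the P2P hosts whose timing and payload sizes are machine-regular and whose connection failures reflect peer churn. The flow records, thresholds and the three hosts are constructed for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (src, dst, ts_seconds, bytes, replied).
# 10.0.0.5 is made to look like a bot (fixed 60 s beacon, fixed size, some
# dead peers), 10.0.0.7 like a legitimate P2P client (irregular timing and
# sizes), 10.0.0.9 like a web client talking to two servers. Not real data.
FLOWS = []
for i in range(16):
    FLOWS.append(("10.0.0.5", f"203.{i % 8}.0.{10 + i}", 60.0 * i, 128, i % 4 != 3))
    FLOWS.append(("10.0.0.7", f"198.{i % 8}.0.{20 + i}",
                  37.0 * i + (i * 17 % 50), 300 + 200 * (i % 5), i % 3 != 2))
    FLOWS.append(("10.0.0.9", "192.0.2.10" if i % 2 else "192.0.2.11",
                  5.0 * i + (i * 11 % 9), 900 + 700 * (i % 3), True))


def host_profiles(flows):
    """Aggregate flows per source host into the per-host features used below."""
    prof = defaultdict(lambda: {"peers": set(), "prefixes": set(),
                                "ts": [], "bytes": [], "fail": 0, "n": 0})
    for src, dst, ts, nbytes, replied in flows:
        h = prof[src]
        h["peers"].add(dst)
        h["prefixes"].add(".".join(dst.split(".")[:2]))  # /16 prefix of the peer
        h["ts"].append(ts)
        h["bytes"].append(nbytes)
        h["n"] += 1
        h["fail"] += not replied
    return prof


def stage1_p2p_hosts(prof, min_peers=8, min_prefixes=4):
    """Step 1: P2P hosts have many peers spread over many networks (assumed heuristic)."""
    return {h for h, f in prof.items()
            if len(f["peers"]) >= min_peers and len(f["prefixes"]) >= min_prefixes}


def cv(values):
    """Coefficient of variation: 0 means perfectly regular."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def stage2_bots(prof, p2p_hosts, max_cv=0.25, min_fail=0.15):
    """Step 2: among P2P hosts, flag regular beaconing plus churn failures (assumed heuristic)."""
    bots = set()
    for h in p2p_hosts:
        f = prof[h]
        ts = sorted(f["ts"])
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if cv(gaps) <= max_cv and cv(f["bytes"]) <= max_cv and f["fail"] / f["n"] >= min_fail:
            bots.add(h)
    return bots


def detect(flows):
    """Run both stages; returns (p2p_hosts, suspected_bots)."""
    prof = host_profiles(flows)
    p2p = stage1_p2p_hosts(prof)
    return p2p, stage2_bots(prof, p2p)
```

On the constructed flows, stage 1 keeps both P2P hosts and stage 2 keeps only 10.0.0.5; real deployments would tune the thresholds on labelled traffic rather than fix them by hand.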



Acknowledgement

This work was partially funded by Science and Engineering Research Board, Government of India.

Author information

Corresponding author: Anand Handa


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Kumar, A., Kumar, N., Handa, A., Shukla, S.K. (2019). PeerClear: Peer-to-Peer Bot-net Detection. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2019. Lecture Notes in Computer Science(), vol 11527. Springer, Cham. https://doi.org/10.1007/978-3-030-20951-3_24


  • DOI: https://doi.org/10.1007/978-3-030-20951-3_24


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20950-6

  • Online ISBN: 978-3-030-20951-3
