International Conference on Information and Communications Security

ICICS 2012: Information and Communications Security, pp 93–104

Group Behavior Metrics for P2P Botnet Detection

  • John Felix,
  • Charles Joseph &
  • Ali A. Ghorbani

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7618)

Abstract

Botnets are becoming the biggest threat to the integrity of the Internet and its resources. The advent of P2P botnets has made detection and prevention of botnets very difficult. In this paper, we propose a set of metrics for efficient botnet detection. The proposed metrics capture the unique group behavior that is inherent in bot communications. Our premise for proposing group behavior metrics for botnet detection is that the group behavior observed in botnets is unique and that this property is inherent in the botnet architecture. The metrics are derived from three standard network traffic characteristics, namely topological properties, traffic pattern statistics, and protocol sequence and usage. We derive six group behavior metrics and illustrate the efficiency of botnet detection using these metrics. We observed that group behavior metrics offer a promising solution for botnet detection.

Keywords

  • Packet Size
  • Infected Host
  • State Graph
  • Group Behavior
  • Jaccard Similarity

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Author information

Authors and Affiliations

  1. University of New Brunswick, Fredericton, NB, Canada

    John Felix, Charles Joseph & Ali A. Ghorbani


Editor information

Editors and Affiliations

  1. Department of Computer Science, The University of Hong Kong, Room 519, 5/F, Haking Building, Pokfulam Road, 852, Hong Kong, China

    Tat Wing Chim

  2. Department of Computer Science, The University of Hong Kong, Room 519, 5/F, Haking Wong Building, Pokfulam Road, 852, Hong Kong, China

    Tsz Hon Yuen

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Felix, J., Joseph, C., Ghorbani, A.A. (2012). Group Behavior Metrics for P2P Botnet Detection. In: Chim, T.W., Yuen, T.H. (eds) Information and Communications Security. ICICS 2012. Lecture Notes in Computer Science, vol 7618. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34129-8_9

  • DOI: https://doi.org/10.1007/978-3-642-34129-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34128-1

  • Online ISBN: 978-3-642-34129-8

  • eBook Packages: Computer Science, Computer Science (R0)
