The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster

  • Conference paper in: New Trends in Computer Technologies and Applications (ICS 2018)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1013)

Abstract

In recent years, many studies on peer-to-peer (P2P) botnet detection have shown excellent detection precision on synthetic logs collected from a testbed. However, most of them do not evaluate their effectiveness on real traffic. In this paper, we use our BotCluster to analyze real traffic collected in NetFlow format from April 2nd to April 15th, 2017, using three time-scopes to detect P2P botnet activity on two campuses (National Cheng Kung University (NCKU) and National Chung Cheng University (CCU)). The three time-scopes, namely single-day, three-day, and weekly observation periods, were applied to the same traffic logs to reveal the influence of the observation period on P2P botnet detection. The experiments show that with the weekly observation period, precision increases by 10%, from 84% to 94%, on the combined traffic logs of the two campuses.

The authors are grateful to the Ministry of Science and Technology, Taiwan, for financial support (this research was funded by contract MOST-103-2221-E-006-144-MY3), to the National Center for High-Performance Computing, Taiwan, for providing the NetFlow logs, and to VirusTotal for contributing the malicious IP checking.

Author information

Corresponding author: Chun-Yu Wang

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Wang, CY., Yap, JH., Chen, KC., Chang, JB., Shieh, CK. (2019). The Impact of the Observation Period for Detecting P2P Botnets on the Real Traffic Using BotCluster. In: Chang, CY., Lin, CC., Lin, HH. (eds) New Trends in Computer Technologies and Applications. ICS 2018. Communications in Computer and Information Science, vol 1013. Springer, Singapore. https://doi.org/10.1007/978-981-13-9190-3_8

  • DOI: https://doi.org/10.1007/978-981-13-9190-3_8

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-9189-7

  • Online ISBN: 978-981-13-9190-3

  • eBook Packages: Computer Science (R0)