Group Behavior Metrics for P2P Botnet Detection
2012; Springer Science+Business Media; Language: English
10.1007/978-3-642-34129-8_9
ISSN: 1611-3349
Authors: J Villanueva Felix, Charles L. Joseph, Ali A. Ghorbani
Topic(s): Complex Network Analysis Techniques
Abstract: Botnets are becoming the biggest threat to the integrity of the Internet and its resources. The advent of P2P botnets has made detection and prevention of botnets very difficult. In this paper, we propose a set of metrics for efficient botnet detection. The proposed metrics capture the unique group behavior that is inherent in bot communications. Our premise for proposing group behavior metrics for botnet detection is that the group behavior observed in botnets is unique and that this unique group behavior property is inherent in the botnet architecture. The proposed group behavior metrics use three standard network traffic characteristics, namely topological properties, traffic pattern statistics, and protocol sequence and usage, to derive the proposed metrics. We derive six group behavior metrics and illustrate the efficiency of botnet detection using these metrics. It was observed that group behavior metrics offer a promising solution for botnet detection.