A proposed framework for P2P botnet detection
Botnet is most widespread and occurs commonly in today's cyber attacks, resulting in serious threats to our network assets and organization’s properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Command-and-Con...
Main Authors: | Zeidanloo, Hossein Rouhani; Abdul Manaf, Azizah; Ahmad, Rabiah; Zamani, Mazdak; Chaeikar, Saman Shojae |
---|---|
Format: | Article |
Language: | English |
Published: | International Association of Computer Science and Information Technology Press 2010 |
Subjects: | QA75 Electronic computers. Computer science |
Online Access: | http://eprints.utm.my/id/eprint/37017/2/list-30-1.html http://eprints.utm.my/id/eprint/37017/ http://www.ijetch.org/list-30-1.html |
Institution: | Universiti Teknologi Malaysia |
id |
my.utm.37017 |
---|---|
record_format |
eprints |
spelling |
my.utm.37017; 2017-02-15T00:34:55Z; http://eprints.utm.my/id/eprint/37017/; A proposed framework for P2P botnet detection; Zeidanloo, Hossein Rouhani; Abdul Manaf, Azizah; Ahmad, Rabiah; Zamani, Mazdak; Chaeikar, Saman Shojae; QA75 Electronic computers. Computer science; International Association of Computer Science and Information Technology Press; 2010-04; Article; PeerReviewed; text/html; en; http://eprints.utm.my/id/eprint/37017/2/list-30-1.html; Zeidanloo, Hossein Rouhani and Abdul Manaf, Azizah and Ahmad, Rabiah and Zamani, Mazdak and Chaeikar, Saman Shojae (2010) A proposed framework for P2P botnet detection. International Journal of Engineering and Technology (IJET), 2 (2). pp. 161-168. ISSN 1793-8236; http://www.ijetch.org/list-30-1.html; DOI:10.7763/IJET.2010.V2.116 |
institution |
Universiti Teknologi Malaysia |
building |
UTM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Teknologi Malaysia |
content_source |
UTM Institutional Repository |
url_provider |
http://eprints.utm.my/ |
language |
English |
topic |
QA75 Electronic computers. Computer science |
description |
Botnet is most widespread and occurs commonly in today's cyber attacks, resulting in serious threats to our network assets and organization’s properties. Botnets are collections of compromised computers (Bots) which are remotely controlled by its originator (BotMaster) under a common Command-and-Control (C&C) infrastructure. They are used to distribute commands to Bots for malicious activities such as distributed denial-of-service (DDoS) attacks, spam and phishing. Most of the existing botnet detection approaches concentrate only on particular botnet command and control (C&C) protocols (e.g., IRC, HTTP) and structures (e.g., centralized), and can become ineffective as botnets change their structure and C&C techniques. In this paper we proposed a new detection framework which focuses on P2P based botnets. This proposed framework is based on our definition of botnets. We define a botnet as a group of bots that will perform similar communication and malicious activity patterns within the same botnet. In our proposed detection framework, we monitor the group of hosts that show similar communication pattern in one stage and also performing malicious activities in another step, and finding common hosts on them. |
format |
Article |
author |
Zeidanloo, Hossein Rouhani; Abdul Manaf, Azizah; Ahmad, Rabiah; Zamani, Mazdak; Chaeikar, Saman Shojae |
author_sort |
Zeidanloo, Hossein Rouhani |
title |
A proposed framework for P2P botnet detection
|
publisher |
International Association of Computer Science and Information Technology Press |
publishDate |
2010 |
url |
http://eprints.utm.my/id/eprint/37017/2/list-30-1.html http://eprints.utm.my/id/eprint/37017/ http://www.ijetch.org/list-30-1.html |
_version_ |
1643650061887864832 |