Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints

Peer-to-Peer (P2P) botnets have recently been adopted by botmasters for their resiliency to take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In this paper, the authors propose a novel botnet detection system that is able to identify stealthy P2P botnets, even when malicious activities may not be observable. First, their system identifies all hosts that are likely engaged in P2P communications. Then, they derive statistical fingerprints to profile different types of P2P traffic, and they leverage these fingerprints to distinguish between P2P botnet traffic and other legitimate P2P traffic.

Provided by: Georgia Institute of Technology Topic: Networking Date Added: Jun 2011 Format: PDF
