The Scientific World Journal
Volume 2014 (2014), Article ID 425491, 10 pages
http://dx.doi.org/10.1155/2014/425491
Research Article

Towards Accurate Node-Based Detection of P2P Botnets

1School of Computer & Software, Nanjing University of Information Science & Technology, Nanjing 210044, China
2Jiangsu Engineering Center of Networking Monitoring, Nanjing University of Information Science & Technology, Nanjing 210044, China

Received 4 April 2014; Accepted 15 May 2014; Published 24 June 2014

Academic Editor: Yuxin Mao

Copyright © 2014 Chunyong Yin. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. B. Stone-Gross, M. Cova, B. Gilbert, R. Kemmerer, C. Kruegel, and G. Vigna, “Analysis of a botnet takeover,” IEEE Security and Privacy, vol. 9, no. 1, pp. 64–72, 2011.
  2. X. Ma, X. Guan, J. Tao et al., “A novel IRC botnet detection method based on packet size sequence,” in Proceedings of the IEEE International Conference on Communications (ICC '10), pp. 1–5, Cape Town, South Africa, May 2010.
  3. W. Liao and C. Chang, “Peer to peer botnet detection using data mining scheme,” in Proceedings of the International Conference on Internet Technology and Applications (ITAP '10), pp. 1–4, Wuhan, China, August 2010.
  4. C. Mazzariello, “IRC traffic analysis for botnet detection,” in Proceedings of the 4th International Symposium on Information Assurance and Security (IAS '08), pp. 318–323, Naples, Italy, September 2008.
  5. D. A. L. Romana, Y. Musashi, R. Matsuba, and K. Sugitani, “Detection of bot worm-infected PC terminals,” Information, vol. 10, no. 5, pp. 673–686, 2007.
  6. P. Wang, S. Sparks, and C. C. Zou, “An advanced hybrid peer-to-peer botnet,” IEEE Transactions on Dependable and Secure Computing, vol. 7, no. 2, pp. 113–127, 2010.
  7. X. Dong, F. Liu, X. Li, and X. Yu, “A novel bot detection algorithm based on API call correlation,” in Proceedings of the 7th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD '10), vol. 3, pp. 1157–1162, Yantai, China, August 2010.
  8. W. Zilong, W. Jinsong, H. Wenyi, and X. Chengyi, “The detection of IRC botnet based on abnormal behavior,” in Proceedings of the 2nd International Conference on MultiMedia and Information Technology (MMIT '10), pp. 146–149, Kaifeng, China, April 2010.
  9. S. Wang, Q.-J. Du, G.-X. Yu et al., “Method of choosing optimal characters for network intrusion detection system,” Computer Engineering, vol. 36, no. 15, pp. 140–144, 2010.
  10. B. Al-Duwairi and L. Al-Ebbini, “BotDigger: a fuzzy inference system for botnet detection,” in Proceedings of the 5th International Conference on Internet Monitoring and Protection (ICIMP '10), pp. 16–21, Barcelona, Spain, May 2010.
  11. Y. Al-Hammadi and U. Aickelin, “Detecting bots based on key logging activities,” in Proceedings of the 3rd International Conference on Availability, Security, and Reliability (ARES '08), pp. 896–902, Piscataway, NJ, USA, March 2008.
  12. M. Crotti, F. Gringoli, P. Pelosato, and L. Salgarelli, “A statistical approach to IP-level classification of network traffic,” in Proceedings of the IEEE International Conference on Communications (ICC '06), vol. 1, pp. 170–176, Istanbul, Turkey, July 2006.
  13. X. Wang, F. Liu, J. Ma, and Z. Lei, “Research of automatically generating signatures for botnets,” Journal of Beijing University of Posts and Telecommunications, vol. 34, no. 4, pp. 109–112, 2011.
  14. K. Wang, C. Huang, S. Lin, and Y. Lin, “A fuzzy pattern-based filtering algorithm for botnet detection,” Computer Networks, vol. 55, no. 15, pp. 3275–3286, 2011.
  15. J. Kang, Y. Song, and J. Zhang, “Accurate detection of peer-to-peer botnet using multi-stream fused scheme,” Journal of Networks, vol. 6, no. 5, pp. 807–814, 2011.
  16. C. Livadas, R. Walsh, D. Lapsley, and W. T. Strayer, “Using machine learning techniques to identify botnet traffic,” in Proceedings of the 31st Annual IEEE Conference on Local Computer Networks (LCN '06), pp. 967–974, Tampa, Fla, USA, November 2006.
  17. H. Choi, H. Lee, and H. Kim, “Botnet detection by monitoring group activities in DNS traffic,” in Proceedings of the 7th IEEE International Conference on Computer and Information Technology (CIT '07), pp. 715–720, Aizuwakamatsu, Japan, October 2007.
  18. D. Liu, Y. Li, Y. Hu, and Z. Liang, “A P2P-botnet detection model and algorithms based on network streams analysis,” in Proceedings of the International Conference on Future Information Technology and Management Engineering (FITME '10), vol. 1, pp. 55–58, Changzhou, China, October 2010.
  19. C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X. Zhou, and X. Wang, “Effective and efficient malware detection at the end host,” in Proceedings of 18th USENIX Security Symposium, pp. 351–366, USENIX Association, Montreal, Canada, 2009.
  20. B. Wang, Z. Li, H. Tu, and J. Ma, “Measuring peer-to-peer botnets using control flow stability,” in Proceedings of the International Conference on Availability, Reliability and Security (ARES '09), pp. 663–669, Fukuoka, Japan, March 2009.
  21. I. H. Witten, E. Frank, and M. Hall, Data Mining: Practical Machine Learning Tools and Techniques, Morgan Kaufmann, 3rd edition, 2011.
  22. M. Roesch, “Snort—lightweight intrusion detection for networks,” in Proceedings of the 13th USENIX Conference on System Administration (USENIX LISA '99), pp. 229–238, USENIX Association, Berkeley, Calif, USA, 1999.
  23. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, “BotHunter: detecting malware infection through IDS-driven dialog correlation,” in Proceedings of the 16th USENIX Security Symposium, pp. 167–182, 2007.
  24. French Chapter of Honeynet, http://www.honeynet.org/chapters/france.
  25. G. Szabó, D. Orincsay, S. Malomsoky, and I. Szabó, “On the validation of traffic classification algorithms,” in Proceedings of the 9th International Conference on Passive and Active Network Measurement (PAM '08), pp. 72–81, Cleveland, Ohio, USA, 2008.
  26. LBNL Enterprise Trace Repository, 2005, http://www.icir.org/enterprise-tracing.
  27. L. Braun, G. Münz, and G. Carle, “Packet sampling for worm and botnet detection in TCP connections,” in Proceedings of the 12th IEEE/IFIP Network Operations and Management Symposium (NOMS '10), pp. 264–271, IEEE, Osaka, Japan, April 2010.