Recognizing P2P Botnets Characteristics Through TCP Distinctive Behaviour

Sahib, Shahrin and Abdullah, Raihana Syahirah and Mas'ud, Mohd Zaki and Abdollah, Mohd Faizal and Robiah, Yusof (2011) Recognizing P2P Botnets Characteristics Through TCP Distinctive Behaviour. International Journal of Computer Science and Information Security (IJCSIS), 9 (12). pp. 7-11. ISSN 1947-5500

Raihana_FTMK_UTeM.pdf - Published Version
Restricted to Registered users only

Abstract

Botnets have been identified as one of the most emerging threats to Internet users. They have attracted much attention and pose a big threat to network security. Over the years a number of botnet variants have been introduced, and the most lethal variants are known as peer-to-peer (P2P) botnets, which are able to camouflage themselves as benign P2P applications. This evolution of botnet variants has made them harder to detect and shut down. Like any network connection, P2P uses TCP to initialize the communication between two parties. For this reason, this paper investigates the network traffic characteristics of normal P2P connections and P2P botnets through the TCP connections initiated or received between the bot and the bot master. The proposed mechanism detects and classifies P2P botnet TCP connection behaviour from normal P2P network traffic. This can be used for early warning of P2P botnet activities in the network and for prevention mechanisms.

Item Type: Article
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics
Divisions: Faculty of Information and Communication Technology
Depositing User: Mohd. Nazir Taib
Date Deposited: 24 Oct 2018 07:31
Last Modified: 24 Oct 2018 07:31
URI: http://eprints.utem.edu.my/id/eprint/21102