Recognizing P2P Botnets Characteristic Through TCP Distinctive Behaviour

Abdullah, Raihana Syahirah and Mas'ud, M. Z. and Abdollah, M. F. and Sahib, S. and Yusof, R. (2011) Recognizing P2P Botnets Characteristic Through TCP Distinctive Behaviour. International Journal of Computer Science and Information Security, 9 (12). pp. 7-11. ISSN 1947-5500

Abstract

Botnets have been identified as one of the most emerging threats to Internet users. They have attracted much attention and pose a big threat to network security. Over the years a number of botnet variants have been introduced, and the most lethal variants are known as peer-to-peer (P2P) botnets, which are able to camouflage themselves as benign P2P applications. This evolution of botnet variants has made them harder to detect and shut down. Like any network connection, P2P similarly uses TCP to initialize the communication between two parties. For this reason, this paper investigates the network traffic characteristics of normal P2P connections and P2P botnets through the TCP connections initiated or received between the bot and the bot master. The proposed mechanism detects and classifies P2P botnet TCP connection behaviour from normal P2P network traffic. This can be used for early warning of P2P botnet activities in the network and as a prevention mechanism.

Item Type: Article
Subjects: Q Science > Q Science (General)
Divisions: Faculty of Information and Communication Technology > Department of System and Computer Communication
Depositing User: Dr. Robiah Yusof
Date Deposited: 29 Jun 2012 01:16
Last Modified: 28 May 2015 02:36
URI: http://eprints.utem.edu.my/id/eprint/3580