Advertisement

Detect Peer-to-Peer Botnet with Permutation Entropy and Adaptive Information Fusion

  • Yuanzhang SongEmail author
  • Junting He
  • Hongyu Li
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 960)

Abstract

Aim to improve the detection accuracy, a novel peer-to-peer botnet detection method based on permutation entropy and adaptive information fusion algorithm was proposed. Permutation entropy was utilized to characterize the complexity measure of network traffic, which did not vary with the structure of peer-to-peer network, peer-to-peer protocol and attack type. Kalman filter was utilized to detect the abnormalities of the complexity measure. Furthermore, the features of TCP packets were utilized to reduce the negative impact of web applications on botnet detection, especially the web applications that were based on peer-to-peer protocols. To get more accurate information fusion result, an adaptive information fusion algorithm was proposed to fuse the above detection results to get the final detection result, which combined Dempster-Shafer theory and Dezert-Smarandache theory by using their superiorities and overcoming their disadvantages. The experiment results show that the proposed method is able to detect peer-to-peer botnet with higher accuracy and stronger robustness.

Keywords

Peer-to-peer botnet Permutation entropy Adaptive information fusion 

Notes

Acknowledgements

This work was supported by the National High Technology Re-search and Development Program of China (“863” Program) (Grant No. 2011AA7031024G) and the National Natural Science Foundation of China (Grant No. 61373053, 61472161).

References

  1. 1.
    Porras, P., Saidi, H., Yegneswaran, V.: A multi-perspective analysis of the storm (Peacomm) Worm. Computer Science Laboratory, SRI International, CA (2007)Google Scholar
  2. 2.
    Wang, Z., Cai, Y.Y., Liu, L., et al.: Using coverage analysis to extract Botnet command-and-control protocol. J. Commun. 35(1), 156–166 (2014)Google Scholar
  3. 3.
    Yahyazadeh, M., Abadi, M.: BotGrab: a negative reputation system for Botnet detection. Comput. Electr. Eng. 41, 68–85 (2015)CrossRefGoogle Scholar
  4. 4.
    Wang, X., Yang, Q., Jin, X.: Periodic communication detection algorithm of Botnet based on quantum computing. Chin. J. Quant. Electron. 33(2), 182–187 (2016)Google Scholar
  5. 5.
    Chen, J., Cheng, X., Ruiying, D., et al.: BotGuard: lightweight real-time Botnet detection in software defined networks. Wuhan Univ. J. Nat. Sci. 22(2), 103–113 (2017)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Karim, A., Salleh, R.B., Shiraz, M., et al.: Review: botnet detection techniques: review, future trends, and issues. J. Zhejiang Univ.-Sci. C (Comput. Electron.) 15(11), 943–983 (2014)CrossRefGoogle Scholar
  7. 7.
    Mahmoud, M., Nir, M., Matrawy, A.: A survey on botnet architectures, detection and defences. Int. J. Netw. Secur. 17(3), 272–289 (2015)Google Scholar
  8. 8.
    Li, K., Fang, B., Cui, X., et al.: Study of Botnets trends. J. Comput. Res. Dev. 53(10), 2189–2206 (2016)Google Scholar
  9. 9.
    Yan, R., Liu, Y., Gao, R.X.: Permutation entropy: a nonlinear statistical measure for status characterization of rotary machines. Mech. Syst. Sig. Process. 29(5), 474–484 (2012)CrossRefGoogle Scholar
  10. 10.
    Cao, L.Y.: Practical method for determining the minimum embedding dimension of a scalar series. Phys. D Nonlinear Phenom. 110(1/2), 43–50 (1997)zbMATHCrossRefGoogle Scholar
  11. 11.
    Wang, L., Wenqi, W., Wei, G., et al.: Online performance evaluation of RLG INS based on joint rotation and modulation. Opt. Precis. Eng. 26(3), 578–587 (2018)CrossRefGoogle Scholar
  12. 12.
    Zongming Liu, Yu., Zhang, S.L., et al.: Closed-loop detection and pose optimization of non-cooperation rotating target. Opt. Precis. Eng. 25(4), 504–511 (2017)Google Scholar
  13. 13.
    Cheng, L., Chen, J., Chen, M.: Fast acquisition of time optimal sliding model control technology for photoelectric tracking system. Opt. Precis. Eng. 25(1), 148–154 (2017)CrossRefGoogle Scholar
  14. 14.
    Li, Z., Li, X., Liu, Q., et al.: Adaptive fast initial attitude estimation for inflight loitering munition. Opt. Precis. Eng. 25(2), 493–501 (2017)CrossRefGoogle Scholar
  15. 15.
    Min, W., Shi, J., Han, Q., et al.: A distributed face recognition approach and performance optimization. Opt. Precis. Eng. 25(3), 780–785 (2017)Google Scholar
  16. 16.
    Zhou, J., Chen, J., Li, Y., et al.: Research on target prediction algorithm of shipboard photoelectric tracking equipment. Opt. Precis. Eng. 25(2), 519–528 (2017)CrossRefGoogle Scholar
  17. 17.
    Sen, S., Spatscheck, O., Wang, D.: Accurate, scalable in-network identification of P2P traffic using application signatures. In: 13th International Conference on World Wide Web, pp. 512–521. ACM (2004)Google Scholar
  18. 18.
    Kasera, S., Pinheiro, J., Loader, C.: Fast and robust signaling overload control. In: 9th International Conference on Network Protocols, pp. 323–331. IEEE, Riverside (2001)Google Scholar
  19. 19.
    Yager, R.R., Liu, L.: Classic Works of the Dempster-Shafer Theory of Belief Functions. Springer, Berlin (2008).  https://doi.org/10.1007/978-3-540-44792-4zbMATHCrossRefGoogle Scholar
  20. 20.
    Mruphy, C.K.: Combing belief function when evidence conflicts. Decis. Support Syst. 29(1), 1–9 (2000)CrossRefGoogle Scholar
  21. 21.
    Voorbraak, F.: On the justification of Dempster’s rule of combination. Artif. Intell. 48, 171–197 (1991)MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Zadeh, L.: A simple view of the Dempster-Shafer theory of evidence and its implication for the rule of combination. AI Mag. 7(2), 85–90 (1986)Google Scholar
  23. 23.
    Mathon, B.R., Ozbek, M.M., Pinder, G.F.: Dempster-shafer theory applied to uncertainty surrounding permeability. Math. Geosci. 42, 293–307 (2010)zbMATHCrossRefGoogle Scholar
  24. 24.
    Smarandache, F., Dezert, J.: Advances and Applications of DSmT for Information Fusion, vol. 2. American Research Press, Rehoboth (2006)zbMATHGoogle Scholar
  25. 25.
    Detection of Peer-to-Peer Botnets. http://staff.science.uva.nl/~delaat/sne-2007-2008/p22/report.pdf. Accessed 13 Aug 2017
  26. 26.
    Zhaoa, D., Traorea, I., Sayed, B., et al.: Botnet detection based on traffic behavior analysis and flow intervals. Comput. Secur. 39, 2–16 (2013)CrossRefGoogle Scholar
  27. 27.
    Kang, J., Zhang, J.-Y., Li, Q., et al.: Detecting New P2P botnet with multi-chart CUSUM. In: International Conference on Networks Security, Wireless Communications and Trusted Computing, pp. 688–691. IEEE, Wuhan (2009)Google Scholar
  28. 28.
    Kang, J., Song, Y.: Application KCFM to detect new P2P botnet based on multi-observed sequence. In: Geomatics and Information Science of Wuhan University, vol. 35, no. 5, pp. 520–523 (2010)Google Scholar
  29. 29.
    Song, Y.: Detecting P2P botnet by analyzing macroscopic characteristics with fractal and information fusion. China Commun. 12(2), 107–117 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Changchun Institute of Optics, Fine Mechanics and Physics, Chinese Academy of SciencesChangchunChina
  2. 2.Jiefang Business DivisionChina FAW Corporation LimitedChangchunChina

Personalised recommendations