
Improved Detection of P2P Botnets through Network Behavior Analysis

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 420)

Abstract

Botnets are becoming powerful threats on the Internet because they launch targeted attacks against organizations and individuals. P2P botnets are resilient and more difficult to detect because they use distributed architectures and encryption. Classification-based techniques proposed in the literature to detect P2P botnets report high overall accuracy of the classifier but fail to recognize the individual classes at similar rates. Identifying non-bot traffic is as important as identifying bot traffic for the reliability of the classifier. This paper proposes a model that distinguishes P2P botnet command and control traffic from normal traffic at a high rate for both classes, using an ensemble-of-decision-trees classifier, Random Forests. To further optimize performance, the model also addresses the imbalanced nature of the dataset using downsampling and cost-sensitive learning. Performance analysis of the proposed model shows that the true positive rate for both the botnet and legitimate classes is above 0.99 while the false positive rate is 0.008.
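The abstract's central point, that overall accuracy can look excellent while the minority (bot) class is barely recognized, and that cost-sensitive weights or downsampling restore the balance, can be shown on a toy dataset. The following is an added illustrative example, not the paper's code or data: the flow feature (mean packet size), the labels, and the single-threshold "decision stump" learner are all constructed here, standing in for the Random Forests and real captures the paper uses. Rates are computed on the training set purely to show the effect of the weighting.

```python
"""Cost-sensitive learning, downsampling and per-class evaluation on an
imbalanced flow dataset (added example; flows and learner are constructed)."""
import random
from collections import Counter

# Constructed flows: (mean packet size in bytes, label). 5 bot flows hide among
# 95 normal flows, and 10 normal flows overlap the bot packet-size range.
BOT_FLOWS = [(70, "bot"), (85, "bot"), (90, "bot"), (100, "bot"), (110, "bot")]
NORMAL_SMALL = [(x, "normal") for x in (60, 65, 72, 78, 82, 88, 95, 102, 106, 115)]
NORMAL_LARGE = [(300 + 12 * i, "normal") for i in range(85)]
FLOWS = BOT_FLOWS + NORMAL_SMALL + NORMAL_LARGE


def inverse_frequency_weights(labels):
    """Cost-sensitive weights n / (k * count_c): every class carries equal total weight."""
    counts = Counter(labels)
    n, k = len(labels), len(counts)
    return {cls: n / (k * c) for cls, c in counts.items()}


def predict(stump, x):
    """stump = (threshold, direction); direction says which side is labelled bot."""
    t, direction = stump
    is_bot = x <= t if direction == "<=" else x > t
    return "bot" if is_bot else "normal"


def fit_stump(flows, weights=None):
    """Pick the threshold/direction minimising weighted misclassification cost.
    With no weights every error costs 1, so the learner happily ignores bots."""
    weights = weights or {"bot": 1.0, "normal": 1.0}
    best = None
    for t in sorted({x for x, _ in flows}):
        for direction in ("<=", ">"):
            err = sum(weights[label] for x, label in flows
                      if predict((t, direction), x) != label)
            if best is None or err < best[0]:
                best = (err, t, direction)
    return best[1], best[2]


def per_class_rates(y_true, y_pred):
    """Overall accuracy, true positive rate per class, and bot-class false positive rate."""
    counts = Counter(y_true)
    hits = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    fp = sum(1 for t, p in zip(y_true, y_pred) if p == "bot" and t == "normal")
    return {
        "accuracy": sum(hits.values()) / len(y_true),
        "tpr": {cls: hits[cls] / counts[cls] for cls in counts},
        "fpr_bot": fp / counts["normal"],
    }


def downsample_majority(flows, ratio=1.0, seed=0):
    """Keep every minority flow and a random ratio*minority sample of the majority."""
    counts = Counter(label for _, label in flows)
    minority = min(counts, key=counts.get)
    majority = max(counts, key=counts.get)
    rng = random.Random(seed)
    keep = [f for f in flows if f[1] == minority]
    majority_flows = [f for f in flows if f[1] == majority]
    n_keep = min(len(majority_flows), int(ratio * counts[minority]))
    return keep + rng.sample(majority_flows, n_keep)


def evaluate(flows, weights=None):
    """Train a stump (optionally cost-sensitive) and report per-class rates."""
    stump = fit_stump(flows, weights)
    y_true = [label for _, label in flows]
    y_pred = [predict(stump, x) for x, _ in flows]
    return per_class_rates(y_true, y_pred)


if __name__ == "__main__":
    labels = [label for _, label in FLOWS]
    print("unweighted     :", evaluate(FLOWS))
    print("cost-sensitive :", evaluate(FLOWS, inverse_frequency_weights(labels)))
    print("downsampled set:", Counter(label for _, label in downsample_majority(FLOWS, 2.0)))
```

Unweighted, the cheapest stump labels everything "normal": accuracy 0.95, but bot TPR 0.0. With inverse-frequency weights the stump chooses a packet-size threshold that catches every bot flow at the cost of a few normal ones, which is the trade-off the paper's per-class reporting is meant to expose.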




© 2014 Springer-Verlag Berlin Heidelberg


Cite this paper

Garg, S., Sarje, A.K., Peddoju, S.K. (2014). Improved Detection of P2P Botnets through Network Behavior Analysis. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_30


  • DOI: https://doi.org/10.1007/978-3-642-54525-2_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-54524-5

  • Online ISBN: 978-3-642-54525-2

  • eBook Packages: Computer Science (R0)