
Resource monitoring for the detection of parasite P2P botnets

Rodríguez-Gómez, Rafael A; Maciá-Fernández, Gabriel; García-Teodoro, Pedro; Steiner, Moritz; Balzarotti, Davide

Computer Networks, June 2014, Elsevier, ISSN: 1389-1286

Detecting botnet behaviors in networks is a popular topic in the current research literature. The detection of P2P botnets has been singled out as one of the most difficult problems, and it becomes even harder when the botnet rides on an existing P2P network infrastructure (a parasite P2P botnet). The majority of the detection proposals available at present are based on monitoring network traffic to determine whether command-and-control (C&C) communications between the bots and the botmaster are present. As a different and novel approach, this paper introduces a detection scheme based on modeling the evolution over time of the number of peers sharing a resource in a P2P network. This makes it possible to detect abnormal behaviors associated with parasite P2P botnet resources in this kind of environment. We perform extensive experiments on the Mainline network, from which promising detection results are obtained while patterns of parasite botnets are tentatively discovered.
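As an added illustration of the idea stated in the abstract (monitoring how the number of peers sharing a resource evolves over time, and flagging resources whose evolution departs from the usual pattern), the following Python example builds a per-hour baseline from known-benign popularity curves and scores new resources against it. This is not the authors' detection model: the curve shapes, the normalisation, the z-score feature, the threshold and all sample data are constructed assumptions for illustration, and the page does not describe the actual model or the botnet patterns the paper reports.

```python
"""Illustrative peer-count monitor for P2P resources (added example).

Not the model of Rodríguez-Gómez et al.; it only demonstrates modelling the
evolution of the number of peers sharing a resource and flagging resources
whose evolution deviates from a baseline. All data and thresholds below are
constructed assumptions.
"""
import math
from statistics import mean, pstdev
from typing import Dict, List, Sequence, Tuple

Series = Sequence[int]  # peers observed for one resource, one sample per hour


def normalise(series: Series) -> List[float]:
    """Scale a series to its own peak so resources of different popularity are comparable."""
    peak = max(series)
    return [v / peak for v in series] if peak else [0.0] * len(series)


def build_baseline(benign: Sequence[Series]) -> List[Tuple[float, float]]:
    """Per-hour (mean, std) of the normalised peer count over known-benign resources.

    The std-dev is floored at 0.05 (assumption) so a perfectly uniform hour
    cannot produce an infinite z-score.
    """
    width = min(len(s) for s in benign)
    columns = list(zip(*(normalise(s)[:width] for s in benign)))
    return [(mean(col), max(pstdev(col), 0.05)) for col in columns]


def anomaly_score(series: Series, baseline: Sequence[Tuple[float, float]]) -> float:
    """Mean absolute z-score of a resource's normalised evolution against the baseline."""
    z = [abs(v - mu) / sd for v, (mu, sd) in zip(normalise(series), baseline)]
    return sum(z) / len(z)


def classify(resources: Dict[str, Series], baseline, threshold: float = 2.0) -> Dict[str, bool]:
    """True = evolution deviates from the benign baseline (threshold is an assumption)."""
    return {name: anomaly_score(s, baseline) > threshold for name, s in resources.items()}


# ---- constructed sample data (not measurements from Mainline) -------------

def synthetic_benign(scale: int, decay_hours: float, hours: int = 24, peak_at: int = 6) -> List[int]:
    """Constructed benign curve: linear ramp to a peak, then exponential decay."""
    out = []
    for t in range(hours):
        shape = t / peak_at if t <= peak_at else math.exp(-(t - peak_at) / decay_hours)
        out.append(round(scale * shape))
    return out


def synthetic_step(plateau: int, start: int = 3, hours: int = 24) -> List[int]:
    """Constructed deviating curve: nothing, then a fixed group of peers that
    appears at once and never leaves. Hypothetical shape, not a pattern from the paper."""
    return [plateau if t >= start else 0 for t in range(hours)]


BENIGN_TRAINING = [
    synthetic_benign(40, 6.0),
    synthetic_benign(120, 8.0),
    synthetic_benign(300, 10.0),
]

OBSERVED = {
    "held_out_benign": synthetic_benign(80, 7.0),
    "step_like": synthetic_step(150),
}


def run_demo() -> Dict[str, float]:
    """Score each observed resource against the benign baseline."""
    baseline = build_baseline(BENIGN_TRAINING)
    return {name: round(anomaly_score(s, baseline), 2) for name, s in OBSERVED.items()}


if __name__ == "__main__":
    baseline = build_baseline(BENIGN_TRAINING)
    for name, flagged in classify(OBSERVED, baseline).items():
        print(f"{name}: score={anomaly_score(OBSERVED[name], baseline):.2f} flagged={flagged}")
```

The detector only uses the popularity curve of each resource, never packet contents, which is the point of the abstract's contrast with traffic-based C&C detection; a real deployment would train the baseline on many observed resources and tune the threshold on a labelled set, neither of which this example does.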


Title: Resource monitoring for the detection of parasite P2P botnets
Keywords: Parasite botnet; Detection system; Peer-to-peer; Mainline
Type: Journal
Language: English
Department: Digital Security
Eurecom ref: 4344
Copyright: © Elsevier. Personal use of this material is permitted. The definitive version of this paper was published in Computer Networks, June 2014, Elsevier, ISSN: 1389-1286 and is available at: http://dx.doi.org/10.1016/j.comnet.2014.05.016
Bibtex:
  @article{EURECOM+4344,
    doi = {http://dx.doi.org/10.1016/j.comnet.2014.05.016},
    year = {2014},
    month = {06},
    title = {{R}esource monitoring for the detection of parasite {P}2{P} botnets},
    author = {{R}odr{\'i}guez-{G}{\'o}mez, {R}afael {A} and {M}aci{\'a}-{F}ern{\'a}ndez, {G}abriel and {G}arc{\'i}a-{T}eodoro, {P}edro and {S}teiner, {M}oritz and {B}alzarotti, {D}avide},
    journal = {{C}omputer {N}etworks, {J}une 2014, {E}lsevier, {ISSN}: 1389-1286},
    url = {http://www.eurecom.fr/publication/4344}
  }