Measuring and analyzing the characteristics of Napster and Gnutella hosts
Multimedia Systems
Peer-to-peer botnets: overview and case study
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
An advanced hybrid peer-to-peer botnet
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Overbot: a botnet protocol based on Kademlia
Proceedings of the 4th international conference on Security and privacy in communication netowrks
The Activity Analysis of Malicious HTTP-Based Botnets Using Degree of Periodic Repeatability
SECTECH '08 Proceedings of the 2008 International Conference on Security Technology
SS'08 Proceedings of the 17th conference on Security symposium
Bayesian bot detection based on DNS traffic similarity
Proceedings of the 2009 ACM symposium on Applied Computing
A Survey of Botnet and Botnet Detection
SECURWARE '09 Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies
Honeypot detection in advanced botnet attacks
International Journal of Information and Computer Security
Detecting and blocking P2P botnets through contact tracing chains
International Journal of Internet Protocol Technology
Periodic behavior in botnet command and control channels traffic
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Hi-index | 0.00 |
It's increasingly difficult to detect botnets since the introduction of P2P communication. The flow characteristics and behaviors can be easily hidden if an attacker exploits the common P2P applications' protocol to build the network and communicate. In this paper, we analyze two potential command and control mechanisms for Parasite P2P Botnet, we then identify the quasi periodical pattern of the request packets caused by Parasite P2P Botnet sending requests to search for the Botmaster's commands in PULL mode. Considering our observation, a Parasite P2P Botnet detection framework and a mathematical model are proposed, and two algorithms named Passive Match Algorithm and Active Search Algorithm are developed. Our experimental results are inspiring and suggest that our approach is capable of detecting the P2P botnet leeching in eMule-like networks.