On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic. (1st July 2019)
- Record Type:
- Journal Article
- Title:
- On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic. (1st July 2019)
- Main Title:
- On the resilience of P2P botnet footprints in the presence of legitimate P2P traffic
- Authors:
- Faraji Daneshgar, Fateme
Abbaspour, Maghsoud
- Abstract:
- Summary: Botnet is a distributed platform for illegal activities that severely threatens the security of the Internet. Fortunately, despite their complicated nature, bots leave some footprints during the C&C communication that have been utilized by security researchers to design detection mechanisms. Nevertheless, botnet designers are always trying to evade detection systems by leveraging the legitimate P2P protocol as C&C channel or even mimicking legitimate peer‐to‐peer (P2P) behavior. Consequently, detecting P2P botnet in the presence of normal P2P traffic is one of the most challenging issues in network security. However, the resilience of P2P botnet detection systems in the presence of normal P2P traffic is not investigated in most proposed schemes. In this paper, we focused on the footprint as the most essential part of a detection system and presented a taxonomy of footprints utilized in behavioral P2P botnet detection systems. Then, the resilience of mentioned footprints is analyzed using three evaluation scenarios. Our experimental and analytical investigations indicated that most P2P botnet footprints are not resilient to the presence of legitimate P2P traffic and there is a pressing need to introduce more resilient footprints.
Abstract: The resilience of proposed P2P botnet detection footprints in the presence of legitimate P2P traffic is analyzed using three scenarios. The analysis and experiments showed that most of the proposed footprints are not resilient to the presence of normal traffic and more resilient footprints should be introduced leveraging the proposed analysis.
- Is Part Of:
- International journal of communication systems. Volume 32:Number 13(2019)
- Journal:
- International journal of communication systems
- Issue:
- Volume 32:Number 13(2019)
- Issue Display:
- Volume 32, Issue 13 (2019)
- Year:
- 2019
- Volume:
- 32
- Issue:
- 13
- Issue Sort Value:
- 2019-0032-0013-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2019-07-01
- Subjects:
- evasion resilience analysis -- normal and malicious P2P communication characteristics -- P2P botnet detection -- P2P botnet footprints
Telecommunication systems -- Periodicals
621.382
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/dac.3973
- Languages:
- English
- ISSNs:
- 1074-5351
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4542.172515
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 11407.xml