The detection and isolation of peer-to-peer botnets is an ongoing problem. We propose a novel technique for detecting P2P botnets, based on unifying behavioural analysis with structured graph analysis. First, our inference technique exploits a fundamental property of botnet design: modern botnets rely on peer-to-peer communication topologies, which are essential to their resilience, and those topologies leave a structural signature in network traffic. Second, our technique extends conventional graph-based detection by incorporating behavioural analysis into the structured graph analysis, thus unifying graph-theoretic detection and behavioural detection under a single algorithmic framework. We evaluated the approach on real-world P2P botnet traffic and show that the resulting algorithm can localise the majority of bots with a low false-positive rate. © 2014 Springer International Publishing Switzerland.
CITATION STYLE
Nagaraja, S. (2014). Botyacc: Unified P2P botnet detection using behavioural analysis and graph analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8713 LNCS, pp. 439–456). Springer Verlag. https://doi.org/10.1007/978-3-319-11212-1_25