Peer to Peer Botnet Detection Using Data Mining Scheme

Abstract

Botnet was composed of the virus-infected computers severely threaten the security of internet. Hackers, firstly, implanted virus in targeted computers, which were then commanded and controlled by them via the internet to operate distributed denial of services (DDoS), steal confidential information, distribute junk mails and other malicious acts. By imitating P2P software, P2P botnet used multiple main controller to avoid single point of failure, and failed various misuse detecting technologies together with encryption technologies. Differentiating from the normal network behavior, P2P botnet sets up numerous sessions without consuming bandwidth substantially, causing itself exposed to the anomaly detection technology. The data mining scheme was tested in real internet to prove its capability of discovering the host of P2P botnet. Crucially, the research applied the original dissimilarity of P2P botnet differing from normal internet behaviors as parameters of data mining, which were then clustered and distinguished to obtain reliable results with acceptable accuracy.