Abstract

The botnet population is growing rapidly, and botnets have become a huge threat on the Internet. Botnets have been declared Advanced Malware (AM) and are listed among Advanced Persistent Threat (APT) attacks, which are able to manipulate advanced technology; the intricacy of these threats calls for continuous detection and protection. These attacks will be almost exclusively for financial gain. P2P botnets are bots that use P2P technology to accomplish certain tasks. The evolution of P2P technology has made P2P botnets more resilient and robust than centralized botnets. This poses a big challenge for detection and defence. In order to detect these botnets, a complete flow analysis is necessary. In this paper, we propose anomaly detection through chi-square multivariate statistical analysis, which currently focuses on time duration and time slot. This particular time is considered in order to identify the existence of a botserver. We correlate both the host level and the network level to capture the coordination within a P2P botnet and the malicious behaviour each bot exhibits in order to make detection decisions. The results of the statistical approach show high detection accuracy and a low false-positive rate, which makes it a promising approach for revealing the botserver.

Highlights

  • Research on the evolution of botnets and P2P botnets is vital to determine how they evolve from various perspectives

  • This research applies a statistical test in a multivariate model, processing the chi-square as an anomaly-based detection

  • This study presents a statistical approach to detect the existence of a botserver within a specific time

Summary

INTRODUCTION

Research on the evolution of botnets and P2P botnets is vital to determine how they evolve from various perspectives. These IP addresses are swapped in and out of flux with extreme frequency and a very short time-to-live (TTL). This technique changes the mapping of a domain name to different bots with constant shifting, which gives the attackers additional strength to thwart takedown of the bot servers and obscure their true origin [5]. Current P2P botnet detection frameworks are unable to identify and reveal the source of the real P2P bot server [7]. To address this gap in understanding, incoming packets need to be correlated across both host traffic and network traffic by tracking those P2P botnets in a particular time slot. The distinct P2P botnets across multiple hidden bot servers will be identified using multivariate statistical measurement in a particular time slot.
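The per-time-slot chi-square scoring described above can be sketched as follows. This is an added example, not the paper's own code. The page does not give the test statistic, so the sketch assumes the chi-square distance X² = Σ (x_i − E_i)² / E_i with an upper control limit of mean + 3 standard deviations over a clean baseline. The feature choice (mean flow duration and flow count per slot) and all sample values are constructed.

```python
from statistics import mean, stdev

# Constructed baseline for one host, one tuple per time slot:
# (mean flow duration in seconds, number of flows in the slot).
BASELINE = [(12.1, 40), (11.4, 38), (13.0, 43),
            (12.6, 41), (11.9, 39), (12.3, 42)]

# Constructed slots to score; slot-08 has many very short flows.
OBSERVED = {"slot-07": (12.2, 40), "slot-08": (2.1, 95), "slot-09": (11.8, 41)}


def chi_square(sample, expected):
    """Assumed statistic: X^2 = sum_i (x_i - E_i)^2 / E_i over the features."""
    return sum((x - e) ** 2 / e for x, e in zip(sample, expected))


def fit(baseline):
    """Learn per-feature expected values and the upper control limit.

    The limit is mean + 3 * stdev of the baseline's own X^2 scores
    (an assumption; the page states no threshold).
    """
    expected = [mean(column) for column in zip(*baseline)]
    scores = [chi_square(row, expected) for row in baseline]
    return expected, mean(scores) + 3 * stdev(scores)


def detect(baseline, observed):
    """Return {slot: True if the slot's X^2 exceeds the control limit}."""
    expected, limit = fit(baseline)
    return {slot: chi_square(features, expected) > limit
            for slot, features in observed.items()}


if __name__ == "__main__":
    expected, limit = fit(BASELINE)
    print(f"expected={expected} limit={limit:.3f}")
    for slot, features in OBSERVED.items():
        score = chi_square(features, expected)
        flag = "ANOMALOUS" if score > limit else "normal"
        print(f"{slot}: X^2={score:.3f} {flag}")
```

Slots flagged this way are candidates for the host-level and network-level correlation the text calls for; a single flagged slot is not by itself evidence of a botserver.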
