Abstract

A botnet is a collection of malware-compromised devices, known as bots, connected through the Internet to carry out malicious activities on the operator's behalf. Botnets fall into two architectural types: client–server (centralized) botnets and peer-to-peer (P2P) botnets. In recent years, P2P botnets have emerged as one of the most serious threats to networks. Their evolution has made detection harder, because P2P bot traffic blends easily with benign network traffic, and separating P2P bots from legitimate P2P applications running on the same hosts is difficult. A modern P2P botnet detection system must also process very large packet capture (PCAP) files, since the volume of traffic generated in a network is enormous. This paper proposes a Hadoop-based P2P botnet detection system that detects P2P bots in a local area network (LAN) carrying both P2P bot and benign P2P traffic. The system reads PCAP files directly from the Hadoop Distributed File System (HDFS), avoiding any conversion of PCAP files to text. Detection is based on per-host characteristics of P2P bots: the number of unique destination hosts contacted, the total amount of data sent from the source host, the average TTL of the packets sent from the source host, and the number of unique destination ports contacted. Experiments and evaluations are carried out on a publicly available real-world network dataset.

Keywords: Botnet; P2P botnet; Hadoop; Network; Internet; Malware
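The abstract names four per-source-host features (unique destination hosts, total bytes sent, average TTL, unique destination ports) and stresses reading PCAP bytes directly rather than converting them to text. The following is an added illustration, not code from the paper or its authors: it builds a small PCAP in memory, parses the Ethernet/IPv4/TCP/UDP headers with `struct`, and aggregates the four features per source host in a map/reduce-shaped pair of functions. The packet contents, host addresses, port numbers and the `map_packet`/`reduce_host` split are constructed assumptions for the example; the Hadoop/HDFS plumbing itself is not reproduced.

```python
"""Per-source-host P2P feature extraction straight from PCAP bytes.

Added example (not from the paper): a tiny PCAP is constructed in memory,
parsed binary-to-features with no text conversion, and reduced to the four
per-host features the paper describes. map_packet/reduce_host mirror how the
same logic would be split over record splits in a Hadoop job.
"""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # magic as read little-endian from a libpcap file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_packet(src, dst, ttl, proto, sport, dport, payload_len) -> bytes:
    """Ethernet + IPv4 + TCP/UDP frame; checksums are left zero (the parser ignores them)."""
    if proto == PROTO_TCP:   # 20-byte TCP header: ports, seq, ack, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 0, 0, 0)
    else:                    # 8-byte UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    l4 += b"\x00" * payload_len
    total_len = 20 + len(l4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, ttl, proto, 0, _ip(src), _ip(dst))
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)  # constructed MACs
    return eth + ip + l4


def write_pcap(packets) -> bytes:
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


def parse_pcap(data: bytes):
    """Yield (src, dst, ttl, proto, dport, ip_total_len) for each IPv4 TCP/UDP packet."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:      # file written big-endian
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(end + "HHiIII", data, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "IIII", data, off)[2]
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or struct.unpack_from("!H", pkt, 12)[0] != ETHERTYPE_IPV4:
            continue                                   # non-IPv4 or truncated frame
        ihl = (pkt[14] & 0x0F) * 4                     # IPv4 header length in bytes
        ip_len = struct.unpack_from("!H", pkt, 16)[0]
        ttl, proto = pkt[22], pkt[23]
        if proto not in (PROTO_TCP, PROTO_UDP) or len(pkt) < 14 + ihl + 4:
            continue
        src = ".".join(map(str, pkt[26:30]))
        dst = ".".join(map(str, pkt[30:34]))
        dport, = struct.unpack_from("!H", pkt, 14 + ihl + 2)
        yield src, dst, ttl, proto, dport, ip_len


def map_packet(rec):
    """Map step: key every packet by its source host."""
    src, dst, ttl, _proto, dport, ip_len = rec
    return src, (dst, ip_len, ttl, dport)


def reduce_host(values):
    """Reduce step: the four per-host features from the paper."""
    dsts, ports, total_bytes, ttl_sum, n = set(), set(), 0, 0, 0
    for dst, ip_len, ttl, dport in values:
        dsts.add(dst); ports.add(dport)
        total_bytes += ip_len; ttl_sum += ttl; n += 1
    return {"unique_dst_hosts": len(dsts), "total_bytes": total_bytes,
            "avg_ttl": ttl_sum / n, "unique_dst_ports": len(ports)}


def host_features(pcap_bytes: bytes) -> dict:
    groups = defaultdict(list)
    for rec in parse_pcap(pcap_bytes):
        key, value = map_packet(rec)
        groups[key].append(value)
    return {host: reduce_host(vals) for host, vals in groups.items()}


def sample_pcap() -> bytes:
    """Constructed traffic: one bot-like host fanning out, one host talking to a single server."""
    pkts = [build_packet("10.0.0.5", "203.0.113.%d" % (i + 1), 64 + i, PROTO_UDP, 40000, 6000 + i, 100)
            for i in range(6)]
    pkts += [build_packet("10.0.0.7", "198.51.100.9", 128, PROTO_TCP, 51000, 443, 500) for _ in range(3)]
    return write_pcap(pkts)


if __name__ == "__main__":
    for host, feats in sorted(host_features(sample_pcap()).items()):
        print(host, feats)
```

In the constructed capture the fan-out host shows six distinct peers on six distinct ports, while the single-server host shows one of each; these per-host counts are the raw material the paper's classifier consumes, and in a real deployment the map and reduce functions would run over PCAP splits stored in HDFS rather than over an in-memory byte string.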
