Details
ISBN (print): 9781467393393
Botmasters favour peer-to-peer (P2P) botnets for their resilience against takedown efforts, and because modern botnets are stealthier, traditional botnet detection approaches are no longer adequate. This paper proposes an efficient detection system for P2P botnets. The system estimates flow export using the NetFlow protocol and analyzes packet flows with three main components: an Exporter, a Collector, and an Analyzer. The Exporter captures packets and monitors their contents; the Collector gathers the flow traffic; and the Analyzer initiates an automated analysis of the traffic using the captured packet information. Flow information is collected from two sources: a virtual interface, which collects malicious traffic information between Virtual Machines (VMs), and a physical probe, which gathers malicious traffic information between the network bridges connecting VMs. The information from both sources is analyzed to detect botnets both inter-VM and intra-VM. Compared with the existing dendritic cell algorithm (DCA), the proposed VM-based botnet detection system has lower time consumption, higher detection speed, and a higher attack prevention ratio.
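The Exporter/Collector/Analyzer pipeline over NetFlow-style records, as an added example that is not the paper's code: the flow records are constructed inline and tagged with the probe (virtual interface or physical bridge) that produced them, and the Analyzer's P2P heuristic (a host contacting many distinct peers spread across many distinct destination ports) is an assumption, since the abstract does not state the paper's detection logic.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    probe: str   # "virtual" = inter-VM interface, "physical" = bridge probe
    src: str
    dst: str
    dport: int

class Exporter:
    """Stands in for a NetFlow exporter: summarises packets seen on one probe."""
    def __init__(self, probe):
        self.probe = probe
    def export(self, packets):
        return [Flow(self.probe, *p) for p in packets]

class Collector:
    """Receives flow records from every exporter and keeps them together."""
    def __init__(self):
        self.flows = []
    def receive(self, records):
        self.flows.extend(records)

class Analyzer:
    """Assumed heuristic (not the paper's): a host contacting many distinct peers
    on many distinct ports looks like a P2P overlay node, not a normal client."""
    def __init__(self, min_peers=8, min_port_ratio=0.75):
        self.min_peers, self.min_port_ratio = min_peers, min_port_ratio
    def suspicious_hosts(self, flows):
        peers, ports, probes = defaultdict(set), defaultdict(set), defaultdict(set)
        for f in flows:
            peers[f.src].add(f.dst)
            ports[f.src].add(f.dport)
            probes[f.src].add(f.probe)   # where the host was observed
        return {h: sorted(probes[h]) for h, p in peers.items()
                if len(p) >= self.min_peers
                and len(ports[h]) / len(p) >= self.min_port_ratio}

def run_pipeline():
    # Constructed sample traffic: 10.0.0.5 behaves like a P2P node, 10.0.0.7 like a web client.
    virt_pkts = [("10.0.0.5", f"10.0.1.{i}", 20000 + 37 * i) for i in range(6)]
    virt_pkts += [("10.0.0.7", "10.0.2.1", 443), ("10.0.0.7", "10.0.2.2", 443)]
    phys_pkts = [("10.0.0.5", f"203.0.113.{i}", 30000 + 41 * i) for i in range(4)]
    phys_pkts += [("10.0.0.7", "198.51.100.9", 443)]
    collector = Collector()
    collector.receive(Exporter("virtual").export(virt_pkts))
    collector.receive(Exporter("physical").export(phys_pkts))
    return Analyzer().suspicious_hosts(collector.flows)  # → {'10.0.0.5': ['physical', 'virtual']}
```

The result names each flagged host together with the probes that saw it, so a hit seen on both probes indicates activity spanning inter-VM and bridge traffic.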