Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - Botyacc
T2 - unified P2P botnet detection using behavioural analysis and graph analysis
AU - Nagaraja, Shishir
PY - 2014
Y1 - 2014
N2 - We propose a novel technique for detecting P2P botnets. Detection is based on two working principles. First, we exploit a fundamental property of botnet design: peer-to-peer connectivity topologies are fundamental to botnet survivability. Second, we use traffic-flow pattern analysis to capture traffic similarity within a botnet. Our work unifies graph-theoretic detection with behavioural detection into a single technique. We carried out evaluation over live P2P botnet traffic and show that the resulting algorithm can localise the majority of bots with low false-positive rate.
AB - We propose a novel technique for detecting P2P botnets. Detection is based on two working principles. First, we exploit a fundamental property of botnet design: peer-to-peer connectivity topologies are fundamental to botnet survivability. Second, we use traffic-flow pattern analysis to capture traffic similarity within a botnet. Our work unifies graph-theoretic detection with behavioural detection into a single technique. We carried out evaluation over live P2P botnet traffic and show that the resulting algorithm can localise the majority of bots with low false-positive rate.
KW - Traffic analysis
KW - botnet detection
KW - behavioural analysis
KW - graph theory
U2 - 10.1007/978-3-319-11212-1_25
DO - 10.1007/978-3-319-11212-1_25
M3 - Conference contribution/Paper
SN - 9783319112114
T3 - Lecture Notes in Computer Science
SP - 439
EP - 456
BT - Computer Security - ESORICS 2014
A2 - Kutyłowski, Mirosław
A2 - Vaidya, Jaideep
PB - Springer
ER -