CRSI
Sep 19, 2017

PeerHunter: Detecting Peer-to-Peer Botnets through Community Behavior Analysis

arXiv:1709.06440v4 (32 citations)
Originality: Incremental advance
AI Analysis

This paper addresses the detection of P2P botnets, a problem relevant to network security practitioners; it is rated an incremental improvement over existing methods, which target traditional (centralized command-and-control) botnets.

The paper tackles the detection of peer-to-peer botnets, a major threat in network security, by presenting PeerHunter, a method based on community behavior analysis. In experiments on real and simulated network traces it achieves a high detection rate with few false positives.

Peer-to-peer (P2P) botnets have become one of the major threats in network security, serving as the infrastructure behind a variety of cyber-crimes. Although several existing works claim to detect traditional botnets effectively, detecting P2P botnets involves further challenges. In this paper, we present PeerHunter, a method based on community behavior analysis that is capable of detecting botnets that communicate via a P2P structure. PeerHunter starts with a P2P host detection component. It then uses mutual contacts as the main feature to cluster bots into communities. Finally, it uses community behavior analysis to detect potential botnet communities and to identify bot candidates within them. In extensive experiments with real and simulated network traces, PeerHunter achieves a very high detection rate with few false positives.
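The three-stage pipeline sketched in the abstract (P2P host detection, clustering by mutual contacts, community behavior analysis) is easier to reason about in code. The block below is an added illustration written for this page; it is not PeerHunter's own implementation. The sample flow records are constructed, the stage-1 heuristic (many distinct destinations across many /16 prefixes), the connected-component clustering, the Jaccard-style mutual contact ratio, and every threshold are assumptions chosen for the example; the paper's actual detector, community algorithm and feature definitions may differ.

```python
"""Toy PeerHunter-style pipeline (added example, not the paper's code).

Stage 1: pick out hosts that look P2P.
Stage 2: link P2P hosts that share many contacts and form communities.
Stage 3: score each community; flag dense, diverse ones as botnet candidates.
All thresholds and heuristics here are assumptions for illustration.
"""
from collections import defaultdict
from itertools import combinations


# --- Constructed sample trace (not real data) -------------------------------
def _peers(first, count, last_octet):
    # one peer per /16 so destination diversity is easy to read off
    return [f"100.{first + k}.0.{last_octet}" for k in range(count)]

POPULAR = ["192.0.2.53", "192.0.2.80"]        # servers everyone talks to
BOT_PEERS = _peers(64, 40, 1)                  # shared botnet peer list
FLOWS = (
    # three bots: overlapping slices of the same peer list
    [("10.0.0.1", d) for d in BOT_PEERS[0:30]]
    + [("10.0.0.2", d) for d in BOT_PEERS[5:35]]
    + [("10.0.0.3", d) for d in BOT_PEERS[10:40]]
    # two benign P2P users: disjoint peers, plus the popular servers
    + [("10.0.0.10", d) for d in _peers(110, 30, 2) + POPULAR]
    + [("10.0.0.11", d) for d in _peers(135, 30, 3) + POPULAR]
    # an ordinary client that only uses the popular servers
    + [("10.0.0.20", d) for d in POPULAR]
)


def prefix16(ip):
    return ".".join(ip.split(".")[:2])


def contacts_by_host(flows):
    """Map each source host to the set of destination IPs it contacted."""
    contacts = defaultdict(set)
    for src, dst in flows:
        contacts[src].add(dst)
    return contacts


# --- Stage 1: P2P host detection (stand-in heuristic) -----------------------
def p2p_hosts(contacts, min_dests=10, min_prefixes=10):
    return {h for h, d in contacts.items()
            if len(d) >= min_dests
            and len({prefix16(x) for x in d}) >= min_prefixes}


# --- Stage 2: mutual contacts and community formation -----------------------
def mutual_contact_ratio(a, b):
    """Shared destinations normalised by all destinations of the pair."""
    return len(a & b) / len(a | b) if (a | b) else 0.0


def communities(hosts, contacts, min_ratio=0.2):
    # union-find over pairs whose mutual contact ratio clears min_ratio;
    # connected components stand in for a real community detection algorithm
    parent = {h: h for h in hosts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(sorted(hosts), 2):
        if mutual_contact_ratio(contacts[a], contacts[b]) >= min_ratio:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for h in hosts:
        groups[find(h)].add(h)
    return [frozenset(g) for g in groups.values()]


# --- Stage 3: community behaviour analysis ----------------------------------
def community_features(comm, contacts):
    pairs = list(combinations(sorted(comm), 2))
    avg_mcr = (sum(mutual_contact_ratio(contacts[a], contacts[b])
                   for a, b in pairs) / len(pairs)) if pairs else 0.0
    avg_dd = sum(len({prefix16(x) for x in contacts[h]}) for h in comm) / len(comm)
    return {"size": len(comm), "avg_mcr": avg_mcr, "avg_dd": avg_dd}


def detect(flows, min_size=2, min_avg_mcr=0.3, min_avg_dd=10):
    contacts = contacts_by_host(flows)
    hosts = p2p_hosts(contacts)
    result = {"p2p_hosts": hosts, "communities": {}, "bots": set()}
    for comm in communities(hosts, contacts):
        feats = community_features(comm, contacts)
        feats["botnet"] = (feats["size"] >= min_size
                           and feats["avg_mcr"] >= min_avg_mcr
                           and feats["avg_dd"] >= min_avg_dd)
        result["communities"][comm] = feats
        if feats["botnet"]:
            result["bots"] |= comm
    return result


if __name__ == "__main__":
    r = detect(FLOWS)
    for comm, feats in r["communities"].items():
        print(sorted(comm), feats)
    print("bot candidates:", sorted(r["bots"]))
```

On the constructed trace the three bots land in one community with an average mutual contact ratio of about 0.64 while the two benign P2P users share only the two popular servers (ratio about 0.03) and remain singletons; the plain client never passes stage 1. Two practical caveats follow from the design: normalising mutual contacts (rather than counting them) and filtering on destination diversity are what keep hosts that merely share popular servers from being grouped together, and the signal depends on bots drawing from a common peer list, so a botnet that partitions peer lists per bot will show weaker mutual contacts than this toy data does.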
