Detecting and blocking P2P botnets Through contact tracing chains

Zhiyong Huang, Xiaoping Zeng, Yong Liu

Research output: Contribution to journalArticle

Abstract

Peer-to-peer (P2P) botnets have recently become serious security threats on the internet. It is difficult to detect the propagation of P2P botnets by isolated monitoring on individual machines due to its decentralised control structure. In this paper, we propose a contact tracing chain-based framework to detect and block P2P botnets by tracing contact behaviours among peers. In the proposed framework, the contacts of peers with suspicious symptoms are traced and tracing chains are established to correlate contacts among peers with their abnormal symptoms. Peers are confirmed with infections when the length of contact tracing chain that they belong to reaches a preset threshold. Under this framework, we develop different detection, tracing and immunisation strategies. Through numerical simulations, we demonstrate that the proposed contact tracing framework can quickly detect and block the propagation of P2P botnets.

Original languageEnglish (US)
Pages (from-to)44-54
Number of pages11
JournalInternational Journal of Internet Protocol Technology
Volume5
Issue number1-2
DOIs
Publication statusPublished - Apr 2010

    Fingerprint

Keywords

  • Blocking
  • Botnet
  • Contact tracing
  • Detection
  • Entropy
  • Immunisation
  • P2P
  • Protocol
  • Simulation
  • Threshold
  • Transmission chain
  • Worm

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this