Abstract:
With the advance of information and communication technologies, the Internet has become an integral part of human life. Although it provides many convenient services, it also exposes its users to potential risks. For example, hackers may try to steal confidential data for illegal benefit, and they use a variety of methods to achieve their attack goals, e.g., Distributed Denial of Service (DDoS), spam and Trojans. These methods require a large number of computers; hence, hackers often spread malicious software to infect computers with weaker defense mechanisms. The infected computers become zombie computers in botnets controlled by the hackers. Detecting and defending against botnets is therefore an important subject in network security. Among them, the Peer-to-Peer (P2P) botnet is a new type of botnet in which every zombie computer is a peer controlled by the hackers, which makes its defense more difficult. The objective of this study is to identify the traffic flows produced by known or unknown malicious software in order to defend against P2P botnets. Based on the analysis of P2P network traffic flows and the ASCII distribution in their packets, a mechanism consisting of six steps is proposed to identify the traffic flows of P2P botnets, locate the zombie computers, and finally restrain those computers from further infection.
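An added example, not code from the paper and not its six-step mechanism (whose steps the abstract does not give): a Python feature extractor that measures the ASCII distribution and byte entropy of the packet payloads of a flow, run over constructed sample flows, with an assumed threshold rule that marks non-plaintext flows as candidates for further inspection.

```python
import math
from collections import Counter

# Constructed sample flows (illustrative, not data from the paper):
# flow name -> list of packet payloads observed in that flow
SAMPLE_FLOWS = {
    "text-protocol": [b"GET / HTTP/1.1\r\n", b"Host: a.example\r\n"],
    "every-byte-value": [bytes(range(256))],
    "zero-padding": [b"\x00" * 64],
}


def ascii_distribution(payload):
    """Share of printable ASCII, control and non-ASCII (>= 0x80) bytes in the
    payload, plus its Shannon entropy in bits per byte."""
    n = len(payload)
    if n == 0:
        return {"printable": 0.0, "control": 0.0, "high": 0.0, "entropy": 0.0}
    printable = sum(1 for b in payload if 0x20 <= b <= 0x7E)
    high = sum(1 for b in payload if b >= 0x80)
    control = n - printable - high
    counts = Counter(payload)
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return {"printable": printable / n, "control": control / n,
            "high": high / n, "entropy": entropy}


def flow_features(payloads):
    """Concatenate all packet payloads of one flow before measuring, so that
    short packets do not dominate the per-flow distribution."""
    return ascii_distribution(b"".join(payloads))


def looks_non_text(features, max_printable=0.5, min_entropy=6.0):
    """Assumed illustrative rule (thresholds are not from the paper): a flow
    that is mostly non-printable and high-entropy does not look like a
    plaintext protocol and deserves the later stages of a detection pipeline."""
    return (features["printable"] < max_printable
            and features["entropy"] >= min_entropy)


def classify_flows(flows):
    """Map each flow name to the verdict of looks_non_text()."""
    return {name: looks_non_text(flow_features(p)) for name, p in flows.items()}


if __name__ == "__main__":
    for name, payloads in SAMPLE_FLOWS.items():
        print(name, flow_features(payloads), looks_non_text(flow_features(payloads)))
```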
Page(s): 138-148
DOI: not available
Published in: International Journal of Communication Networks and Information Security, Volume 3, Issue 2, 2011