Abstract
A botnet is a herd of malware-compromised devices, known as bots, connected through the Internet to perform malicious activities. Botnets can be of two types based on their architecture, namely client–server architecture (centralized botnet) and peer-to-peer architecture (P2P botnet). In the last few years, P2P botnets have emerged as the biggest threat to networks. With the evolution of P2P botnets, detection has become a more challenging task, since P2P bot traffic blends easily with benign network traffic, which makes it hard to detect P2P bots in the presence of benign P2P applications. A modern P2P botnet detection system needs to process huge packet capture (PCAP) files, as the amount of traffic data generated in the network is enormous. This paper proposes a Hadoop-based P2P botnet detection system that detects P2P bots in a local area network (LAN) carrying both P2P bot and benign P2P traffic; it reads PCAP files directly from the Hadoop distributed file system (HDFS) and avoids converting PCAP files to text. Detection is based on several characteristics of P2P bots: the count of unique destination hosts contacted, the total amount of data transferred from the source host, the average TTL value of the packets sent from the source host, and the count of unique destination ports contacted. Experiments and evaluations are done on a publicly available real network dataset.
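As an added illustration (not the paper's code and not taken from the authors' repository), the following Python computes the four per-source-host features the abstract names from a constructed set of packet records, in the map/reduce shape a Hadoop job would use. The packet records and the threshold values passed to `flag_hosts` are assumptions; the paper does not state thresholds here.

```python
from collections import defaultdict

# Constructed sample packet records: (src_host, dst_host, dst_port, ttl, bytes).
# 10.0.0.5 fans out to many peers on many ports; 10.0.0.7 talks to one server.
PACKETS = [
    ("10.0.0.5", "203.0.113.10", 6881, 128, 300),
    ("10.0.0.5", "203.0.113.11", 6882, 128, 300),
    ("10.0.0.5", "203.0.113.12", 6883, 128, 300),
    ("10.0.0.5", "203.0.113.10", 6881, 128, 300),
    ("10.0.0.7", "198.51.100.20", 443, 64, 5000),
    ("10.0.0.7", "198.51.100.20", 443, 64, 7000),
]


def map_packet(pkt):
    """Mapper: key every packet by its source host (the host being profiled)."""
    src, dst, dport, ttl, nbytes = pkt
    return src, (dst, dport, ttl, nbytes)


def reduce_host(values):
    """Reducer: aggregate one source host's packets into the four features."""
    dst_hosts, dst_ports = set(), set()
    total_bytes = ttl_sum = count = 0
    for dst, dport, ttl, nbytes in values:
        dst_hosts.add(dst)
        dst_ports.add(dport)
        total_bytes += nbytes
        ttl_sum += ttl
        count += 1
    return {
        "unique_dst_hosts": len(dst_hosts),
        "total_bytes": total_bytes,
        "avg_ttl": ttl_sum / count,
        "unique_dst_ports": len(dst_ports),
    }


def extract_features(packets):
    """Run the map and reduce phases locally; returns {src_host: features}."""
    grouped = defaultdict(list)
    for pkt in packets:
        key, value = map_packet(pkt)
        grouped[key].append(value)
    return {src: reduce_host(vals) for src, vals in grouped.items()}


def flag_hosts(features, min_dst_hosts, min_dst_ports):
    """Return source hosts whose fan-out exceeds the given (assumed) thresholds."""
    return sorted(src for src, f in features.items()
                  if f["unique_dst_hosts"] >= min_dst_hosts
                  and f["unique_dst_ports"] >= min_dst_ports)
```

On a real deployment the mapper would read packet fields from PCAP blocks on HDFS rather than from an in-memory list, but the per-host aggregation is the same.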
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Sai Teja, P., Hema Sirija, P., Roshini, P., Saravanan, S. (2021). P2P Bot Detection Based on Host Behavior and Big Data Technology. In: Thampi, S.M., Lloret Mauri, J., Fernando, X., Boppana, R., Geetha, S., Sikora, A. (eds) Applied Soft Computing and Communication Networks. Lecture Notes in Networks and Systems, vol 187. Springer, Singapore. https://doi.org/10.1007/978-981-33-6173-7_11
DOI: https://doi.org/10.1007/978-981-33-6173-7_11
Publisher Name: Springer, Singapore
Print ISBN: 978-981-33-6172-0
Online ISBN: 978-981-33-6173-7
eBook Packages: Intelligent Technologies and Robotics (R0)