Nagaraja, Shishir (2014) Botyacc : unified P2P botnet detection using behavioural analysis and graph analysis. In: Computer Security - ESORICS 2014 : 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II. Lecture Notes in Computer Science. Springer, pp. 439-456. ISBN 9783319112114
Full text not available from this repository.

Abstract
We propose a novel technique for detecting P2P botnets. Detection is based on two working principles. First, we exploit a fundamental property of botnet design: peer-to-peer connectivity topologies are fundamental to botnet survivability. Second, we use traffic-flow pattern analysis to capture traffic similarity within a botnet. Our work unifies graph-theoretic detection with behavioural detection into a single technique. We carried out an evaluation over live P2P botnet traffic and show that the resulting algorithm can localise the majority of bots with a low false-positive rate.