Botyacc: unified P2P botnet detection using behavioural analysis and graph analysis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

10 Citations (Scopus)

Abstract

The detection and isolation of peer-to-peer botnets is an ongoing problem. We propose a novel technique for detecting P2P botnets. Detection is based on unifying behavioural analysis with structured graph analysis. First, our inference technique exploits a fundamental property of botnet design. Modern botnets use peer-to-peer communication topologies which are fundamental to botnet resilience. Second, our technique extends conventional graph-based detection by incorporating behavioural analysis into structured graph analysis, thus unifying graph-theoretic detection with behavioural detection under a single algorithmic framework. We carried out evaluation over real-world P2P botnet traffic and show that the resulting algorithm can localise the majority of bots with low false-positive rate.

Original language: English
Title of host publication: Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings
Editors: M. Kutyłowski, J. Vaidya
Place of Publication: Cham
Publisher: Springer-Verlag
Pages: 439-456
Number of pages: 18
Volume: 8713
Edition: PART 2
ISBN (Print): 9783319112114
DOI: https://doi.org/10.1007/978-3-319-11212-1_25
Publication status: Published - 1 Jan 2014
Event: 19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland
Duration: 7 Sep 2014 - 11 Sep 2014

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number: PART 2
Volume: 8713 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 19th European Symposium on Research in Computer Security, ESORICS 2014
Country: Poland
City: Wroclaw
Period: 7/09/14 - 11/09/14


Keywords

  • behavioural analysis
  • botnet detection
  • graph theory
  • traffic analysis
  • security of data
  • security systems
  • malware

Cite this

Nagaraja, S. (2014). Botyacc: unified P2P botnet detection using behavioural analysis and graph analysis. In M. Kutyłowski, & J. Vaidya (Eds.), Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings (PART 2 ed., Vol. 8713, pp. 439-456). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8713 LNCS, No. PART 2). Cham: Springer-Verlag. https://doi.org/10.1007/978-3-319-11212-1_25