Detecting P2P Botnets Using a Multi-phased Flow Model

@article{Noh2009DetectingPB,
  title={Detecting P2P Botnets Using a Multi-phased Flow Model},
  author={Sang-Kyun Noh and Joo-Hyung Oh and Jae-Seo Lee and BongNam Noh and Hyun-Cheol Jeong},
  journal={2009 Third International Conference on Digital Society},
  year={2009},
  pages={247-253}
}
In this paper, we propose a useful method for modeling multi-phased flows of P2P botnet traffic. Botnets are becoming more sophisticated and more dangerous each day, and attackers use the P2P protocol to avoid centralized botnet topologies. We focus on the feature that a peer bot generates multiple traffic to communicate with a large number of remote peers. In this case, phased botnet flows have similar patterns, which occur at irregular intervals. We compress duplicated flows via flow grouping…
This paper has 31 citations.