
ESM Model-based Method For The Detection P2P Botnet And Its Application

Posted on: 2016-12-25 | Degree: Master | Type: Thesis
Country: China | Candidate: Q Zhou | Full Text: PDF
GTID: 2308330461967357 | Subject: Computer application technology
Abstract/Summary:
A botnet is a network of compromised computers (bots) that are controlled through a command and control (C&C) channel. Using highly efficient and flexible one-to-many control mechanisms, botnets give a botmaster an infrastructure for reserving, managing and using cyber attack capabilities, and they have become one of the most significant threats to the Internet. In recent years, the emergence of P2P botnets, which are more stealthy, robust and hazardous, has posed great challenges to botnet detection research.

The thesis studies the challenges surrounding P2P botnet detection, such as individual differences between P2P botnet protocols, similarities between legitimate P2P networks and P2P botnets, and evaluation difficulties. Several novel detection algorithms are proposed, which focus on offline detection, online detection and distributed detection. The contributions are listed as follows.

P2P botnet construction and behavior characteristics were studied, and a P2P botnet Equilibrium-State Model (ESM) was then proposed. First, P2P botnet C&C mechanisms and lifecycle were studied, with case studies performed on Storm and Waledac. Then, P2P botnet behavior characteristics were studied through a large number of experiments, which revealed the main characteristics of P2P botnets, such as high connection failure rate, high outbound network degree, irregular phased-similarity, irregular concussive and mice flows. Finally, an Equilibrium-State Model (ESM) of P2P botnets was developed. ESM proves that some main characteristics are bound to exist and lays the foundation for P2P botnet detection research in the paper.
Keywords/Search Tags:Botnet, P2P, Detection