
Research Of P2P Botnet Detection Method Under The Environment Of High-speed Network

Posted on: 2017-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: E B Sun
GTID: 2308330485984705
Subject: Computer technology
Abstract/Summary:
Botnets have become one of the major threats to network security. Early botnets communicated mainly over the IRC and HTTP protocols, which gave them a single point of failure and made them easy to find and destroy. With the development of P2P technology and of botnets, most new botnets are distributed, using P2P technology to build the botnet command and control mechanism. P2P botnets have no central node and are therefore more threatening and more difficult to detect than other types of botnets. Consequently, how to effectively detect and counter P2P botnets in real networking environments has become a hot topic in the field of network security.
Building on existing detection methods, this paper further analyzes the structure of P2P botnets, the features of C&C communication and the characteristics of P2P traffic, and proposes a P2P traffic identification method based on a filtering mechanism and a P2P botnet detection method based on the features of network sessions. The P2P traffic identification method identifies P2P protocol traffic by filtering out the traffic of known non-P2P protocols. This method can efficiently filter out most non-P2P protocol traffic. The P2P botnet detection method classifies and detects P2P botnet traffic by combining classification algorithms with analysis of the data packets and the packet distribution within a session, building on data-stream characteristics and stream-similarity-based detection methods. Because this method detects on the basis of network session features, it not only effectively reduces the number of data-stream features but also increases their discriminative power. Combined, the two methods can detect P2P botnet sessions in real time in a high-speed networking environment.
This paper then analyzes the traffic characteristics of high-speed networks and the difficulties of detecting P2P botnet traffic in them.
This paper designs and implements a network traffic detection platform for high-speed networks, and describes the overall design of the prototype system and the implementation of each module. Finally, we conduct an experimental evaluation and an online pilot of the proposed session-based P2P botnet detection method on a real-world dataset and other publicly accessible botnet datasets. The experimental results show that the proposed detection method can detect P2P botnets effectively and efficiently in a high-speed networking environment. The detection platform provides a good reference for botnet detection in high-speed networking environments.
Keywords/Search Tags:High-speed Network, P2P botnet, Network Conversations, Random Forest