
The Design And Implementation Of P2P Botnet Detection System

Posted on: 2017-08-23
Degree: Master
Type: Thesis
Country: China
Candidate: C Yang
GTID: 2348330518495742
Subject: Computer technology
Abstract/Summary:
P2P botnets rely on P2P technology to build their communication networks, which gives them strong concealment and robustness and has brought great challenges to Internet security. In addition, P2P botnets have complex and flexible architectures as well as more obvious individual differences, which makes them more difficult to detect. Therefore, how to detect P2P botnets efficiently and accurately, and how to design a stable real-time P2P botnet detection system, has become an important research topic in both academia and industry. Because current P2P botnet detection systems have low accuracy and poor real-time performance when dealing with large-scale real-time network traffic, this paper studies both the detection algorithm and the system framework, and obtains the following results:

(1) Because the P2P botnet traffic detection methods used in network traffic analysis always have high time and space complexity, this paper adopts a new method that combines boolean autocorrelation techniques and an incremental K-means++ algorithm with a similarity measure based on Bhattacharyya distance. It is proved to be capable of reducing the time and space complexity overhead of the real-time P2P botnet detection algorithm.

(2) To overcome the lack of real-time detection in current offline detection systems, which are based on the Hadoop MapReduce parallel computing framework, the Spark Streaming real-time distributed stream processing technique is introduced into the design of the P2P botnet detection system, which enhances the real-time performance and stability of the distributed P2P botnet detection system.

(3) A distributed real-time P2P botnet detection system is designed and implemented. Experiments show that it is capable of detecting P2P botnet traffic accurately and in real time from large-scale high-speed network traffic, which proves that the Spark Streaming real-time distributed stream processing technique is feasible in the P2P botnet detection field.
Keywords/Search Tags: P2P botnet detection, Spark Streaming, real-time, distributed system