
IJET 2010 Vol.2(2): 161-168 ISSN: 1793-8236
DOI: 10.7763/IJET.2010.V2.116

A Proposed Framework for P2P Botnet Detection

Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf, Rabiah Bt Ahmad, Mazdak Zamani and Saman Shojae Chaeikar
Abstract—Botnets are among the most widespread and commonly occurring elements of today's cyber attacks, resulting in serious threats to network assets and organizations' property. Botnets are collections of compromised computers (bots) that are remotely controlled by their originator (the BotMaster) under a common Command-and-Control (C&C) infrastructure. They are used to distribute commands to bots for malicious activities such as distributed denial-of-service (DDoS) attacks, spam and phishing. Most existing botnet detection approaches concentrate only on particular botnet C&C protocols (e.g., IRC, HTTP) and structures (e.g., centralized), and can become ineffective as botnets change their structure and C&C techniques. In this paper we propose a new detection framework that focuses on P2P-based botnets. The framework is based on our definition of botnets: we define a botnet as a group of bots that perform similar communication and malicious activity patterns within the same botnet. In the proposed framework, we monitor the group of hosts that show similar communication patterns in one stage and the hosts performing malicious activities in another stage, and then find the hosts common to both.

Index Terms—botnet; bot; centralized; decentralized; P2P; detection

Hossein Rouhani Zeidanloo, Rabiah Bt Ahmad and Saman Shojae Chaeikar, Centre for Advanced Software Engineering, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia (email: h_rouhani@hotmail.com, rabiah@citycampus.utm.my, saman_shoja@yahoo.com).
Azizah Bt Abdul Manaf, College of Science and Technology, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia (email: azizah07@citycampus.utm.my).
Mazdak Zamani, Faculty of Computer Science and Information System, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia (email: zmazdak2@siswa.utm.my).


Cite: Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf, Rabiah Bt Ahmad, Mazdak Zamani and Saman Shojae Chaeikar, "A Proposed Framework for P2P Botnet Detection," International Journal of Engineering and Technology, vol. 2, no. 2, pp. 161-168, 2010.