Application Entropy Theory to Detect New Peer-to-Peer Botnet with Multi-chart CUSUM
Botnets have been recognized as one of the most important threats to the security of the Internet. They engage in Distributed Denial of Service (DDoS) attacks, email spamming and other malicious activities. Because they have evolved new features such as a decentralized architecture and the use of P2P networks, new Peer-to-Peer (P2P) botnets can no longer be detected effectively and accurately with traditional detection methods. We believe that adopting more sophisticated methods to evade detection will be the trend of future botnet development. Thus, in this paper, based on several characteristic properties of the new P2P botnets, we propose a novel detection method that applies Information Entropy theory to Multi-chart CUSUM detection. Experiments verify that it successfully detects the botnet with relatively high precision.
P2P Botnet Storm Multi-chart CUSUM Information Entropy Detection
Jian Kang, Jun-Yao Zhang
Dept. of Computer Science and Technology, Jilin University, Changchun, China
International conference
Second International Symposium on Electronic Commerce and Security (ISECS 2009)
Nanchang
English
470-474
2009-05-22 (date first made available online on the Wanfang platform; this is not the paper's publication date)