P2P Botnet Detection Based on Nodes Correlation by the Mahalanobis Distance

Bibliographic Details
Main Authors: Zhixian Yang, Buhong Wang
Format: Article
Language: English
Published: MDPI AG 2019-05-01
Series: Information
Online Access: https://www.mdpi.com/2078-2489/10/5/160
Description
Summary: Botnets are a common and serious threat to the Internet. The search for the infected nodes of a P2P botnet is affected by the number of commonly connected nodes, with a lower detection accuracy rate for cases with fewer commonly connected nodes. However, this paper calculates the Mahalanobis distance—which can express correlations between data—between indirectly connected nodes through traffic with commonly connected nodes, and establishes a relationship evaluation model among nodes. An iterative algorithm is used to obtain the correlation coefficient between the nodes, and the threshold is set to detect P2P botnets. The experimental results show that this method can effectively detect P2P botnets with an accuracy of >85% when the correlation coefficient is high, even in cases with fewer commonly connected nodes.
ISSN: 2078-2489