New botnet and bots using P2P protocols have become the increasing threat to network security because P2P botnet and bots do not have a centralized point to trace back or shut down, thus detecting the P2P bots is very difficult. In order to deal with these threats, the model in terms of the dendritic cells algorithm (DCA) is presented to detect P2P bots on an individual host. The detailed approach to detect P2P bots is also described. The raw data for P2P bots detection are obtained via APITrace tool. The processes ID are mapped into the antigens, and the behavioral data created by the processes are mapped into the signals, which are the time series input data of DCA. These data as the input data of the algorithm are used to implement data fusion and correlation. Through related experiments, the systems using the proposed method in this paper can detect p2p bots. The method should outperform the other existing P2P detection techniques due to its linear computation in the process of detection and analysis, and no training phrase.
展开▼
