Detecting and blocking P2P botnets through contact tracing chains

摘要

Peer-to-peer (P2P) botnets have recently become serious security threats on the internet. It is difficult to detect the propagation of P2P botnets by isolated monitoring on individual machines due to its decentralised control structure. In this paper, we propose a contact tracing chain-based framework to detect and block P2P botnets by tracing contact behaviours among peers. In the proposed framework, the contacts of peers with suspicious symptoms are traced and tracing chains are established to correlate contacts among peers with their abnormal symptoms. Peers are confirmed with infections when the length of contact tracing chain that they belong to reaches a preset threshold. Under this framework, we develop different detection, tracing and immunisation strategies. Through numerical simulations, we demonstrate that the proposed contact tracing framework can quickly detect and block the propagation of P2P botnets.