Machine-learning approaches for P2P botnet detection using signal-processing techniques

Abstract

The distributed and decentralized nature of P2P botnets makes their detection a challenging task. Further, the botmasters continuously try to improve their botnets in order to evade existing detection mechanisms. Thus, although a lot of research has been seen in this field, their detection continues to be an important area of research.

This work proposes a novel approach for the detection of P2P botnets by converting the 'time-domain' network communications of P2P botnets to 'frequency-domain'. We adopt a signal-processing based approach by treating the traffic of each pair of nodes seen in network traffic as a 'signal'. Apart from the regular 'network behavior' based features, we extract features based on Discrete Fourier Transforms and Shannon's Entropy theory to build supervised machine learning models for the detection of P2P botnets. Herein we present encouraging results obtained from the preliminary experiments.