Abstract:
This paper presents Hades, a Hadoop-based framework, distributed and scalable by design, for detecting P2P botnets in an enterprise-level network. The contributions of this work are two-fold. First, our work uses the Hadoop ecosystem to adopt a ‘host-aggregation based’ approach, which aggregates behavioral metrics for each Peer-to-Peer (P2P) host seen in network communications and uses them to distinguish benign P2P hosts from hosts infected by P2P botnets. Second, we propose a distributed data-collection architecture that can monitor inside-to-inside LAN traffic, as opposed to relying solely on the NetFlow information available at a backbone router, which cannot see the LAN communications happening within the network.
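As an added example (not code from the paper), the host-aggregation idea and the LAN-visibility argument above in miniature: a map/reduce-style aggregation of constructed NetFlow-like records into per-host metrics, run first on backbone-router flows alone and then together with inside-to-inside flows from LAN collectors. The metric set, the 10.0.0.0/8 address space, the decision thresholds and all flow records are assumptions, not the paper's.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/8")  # assumed enterprise address space (constructed)

# Constructed NetFlow-style records (src, dst, dst_port, packets); not real data.
BACKBONE_FLOWS = [  # what a collector at the backbone router sees: only flows crossing it
    ("10.0.0.5", "203.0.113.10", 6881, 12),
    ("10.0.0.5", "198.51.100.7", 6881, 9),
    ("10.0.0.9", "203.0.113.44", 443, 30),
]
LAN_SENSOR_FLOWS = [  # inside-to-inside flows only the distributed LAN collectors see
    ("10.0.0.5", "10.0.1.20", 6881, 3),
    ("10.0.0.5", "10.0.1.21", 6881, 2),
    ("10.0.0.5", "10.0.1.22", 6881, 1),
    ("10.0.0.9", "10.0.1.30", 445, 40),
]

def map_flow(flow):
    """Map step: key each flow by every internal endpoint so one reducer sees all of a host's activity."""
    src, dst, port, pkts = flow
    if ip_address(src) in LAN:
        yield src, (dst, port, pkts)
    if ip_address(dst) in LAN:
        yield dst, (src, port, pkts)

def reduce_host(records):
    """Reduce step: per-host behavioral metrics (assumed metric set, not the paper's)."""
    peers = {peer for peer, _, _ in records}
    return {
        "distinct_peers": len(peers),
        "internal_peers": sum(1 for p in peers if ip_address(p) in LAN),
        "flows": len(records),
        "avg_pkts": sum(pkts for _, _, pkts in records) / len(records),
    }

def aggregate(flows):
    """Stand-in for the Hadoop shuffle: group mapper output by host, reduce each group."""
    grouped = defaultdict(list)
    for flow in flows:
        for host, rec in map_flow(flow):
            grouped[host].append(rec)
    return {host: reduce_host(recs) for host, recs in grouped.items()}

def classify(metrics, min_peers=4, max_avg_pkts=10):
    """Assumed rule: many distinct peers with small flows is flagged for analyst review."""
    return {host: "suspect" if m["distinct_peers"] >= min_peers and m["avg_pkts"] <= max_avg_pkts
            else "benign" for host, m in metrics.items()}
```

On the backbone flows alone 10.0.0.5 shows two peers and stays benign; merging in the LAN-sensor flows raises it to five peers with a small average flow size, which the rule flags.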