Location of Repository

Behavioural correlation for detecting P2P bots

By Yousof Al-Hammadi and Uwe Aickelin


In the past few years, IRC bots, malicious programs which\ud are remotely controlled by the attacker through IRC servers,\ud have become a major threat to the Internet and users. These\ud bots can be used in different malicious ways such as issuing\ud distributed denial of services attacks to shutdown other\ud networks and services, keystrokes logging, spamming, traffic\ud sniffing cause serious disruption on networks and users.\ud New bots use peer to peer (P2P) protocols start to appear\ud as the upcoming threat to Internet security due to the fact\ud that P2P bots do not have a centralized point to shutdown\ud or traceback, thus making the detection of P2P bots is a\ud real challenge. In response to these threats, we present an\ud algorithm to detect an individual P2P bot running on a\ud system by correlating its activities. Our evaluation shows\ud that correlating different activities generated by P2P bots\ud within a specified time period can detect these kind of bots

Publisher: IEEE
Year: 2010
OAI identifier: oai:eprints.nottingham.ac.uk:1250
Provided by: Nottingham ePrints

Suggested articles



  1. (2007). A Multi-perspective Analysis of the Storm (Peacomm) Worm.
  2. (2007). Analysis of the Storm and Nugache Trojans: P2P is here.
  3. (2007). BotHunter: Detecting Malware Infection through IDS-driven Dialog Correlation.
  4. (2006). CSI/FBI computer crime and security survey
  5. (2007). Detecting peer-to-peer botnets.
  6. (2002). Kademlia: A peer-topeer information system based on the XOR metric.
  7. (2007). Locating Zombie Nodes and Botmasters in Decentralized Peer-to-Peer Botnets,
  8. (2008). Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm.
  9. (2008). P2P as botnet command and control: a deeper insight.
  10. (2007). Peer-to-peer botnets: Overview and case study.
  11. (2007). Peerbot: Catch me if you can. Whitepaper: Symantec Security Response, Ireland. Originally published by Virus Bulletin,
  12. (2007). Storm Worm DDoS Attack,

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.