PeerHunter: Detecting Peer-to-Peer Botnets through Community Behavior Analysis

Peer-to-peer (P2P) botnets have become one of the major threats in network security for serving as the infrastructure that responsible for various of cyber-crimes. Though a few existing work claimed to detect traditional botnets effectively, the problem of detecting P2P botnets involves more challenges. In this paper, we present PeerHunter, a community behavior analysis based method, which is capable of detecting botnets that communicate via a P2P structure. PeerHunter starts from a P2P hosts detection component. Then, it uses mutual contacts as the main feature to cluster bots into communities. Finally, it uses community behavior analysis to detect potential botnet communities and further identify bot candidates. Through extensive experiments with real and simulated network traces, PeerHunter can achieve very high detection rate and low false positives.Comment: 8 pages, 2 figures, 11 tables, 2017 IEEE Conference on Dependable and Secure Computin

Properties of derivative expansion approximations to the renormalization group

Approximation only by derivative (or more generally momentum) expansions, combined with reparametrization invariance, turns the continuous renormalization group for quantum field theory into a set of partial differential equations which at fixed points become non-linear eigenvalue equations for the anomalous scaling dimension $\eta$. We review how these equations provide a powerful and robust means of discovering and approximating non-perturbative continuum limits. Gauge fields are briefly discussed. Particular emphasis is placed on the r\^ole of reparametrization invariance, and the convergence of the derivative expansion is addressed.Comment: (Minor touch ups of the lingo.) Invited talk at RG96, Dubna, Russia; 14 pages including 2 eps figures; uses LaTeX, epsf and sprocl.st