Botnets have been identified as one of the most prominent
emerging threats to Internet users. They have attracted much attention and pose a serious threat to network security.
Over the years, a number of botnet variants have been
introduced, and the most lethal variants are the peer-to-peer
(P2P) botnets, which are able to camouflage themselves as
benign P2P applications. This evolution of botnet variants
has made them harder to detect and shut down. Like any
network connection, P2P uses TCP to initialize the communication between two parties. For this reason,
this paper investigates the network traffic characteristics of normal P2P connections and P2P botnets through the TCP
connections initiated or received between the bot and the bot
master. The proposed mechanism detects and classifies
P2P botnet TCP connection behaviour from normal P2P
network traffic. This can be used for early warning of P2P
botnet activities in the network and prevention mechanism