DETECTION OF STEALTHY P2P BOT COMPROMISED HOSTS IN A NETWORK

Peer - to - peer (P2P) botnets have recently been adopted by botmasters for their resiliency against take - down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In addition, the rapidly growing volume of network traffic calls for high scalability of detection systems. In this paper, we propose a novel scalable botnet detection system capable of detecting stealthy P2P botnets. Our system first identifies all hosts that are likely engaged in P2P communications. It then derives statistical fingerprints to profile P2P traffic and further distinguish between P2P botnet traffic and legitimate P2P traf fic. The parallelized computation with bounded complexity makes scalability a built - in feature of our system. Extensive evaluation has demonstrated both high detection accuracy and great scalability of the proposed system.