Characterising and detection of botnet in P2P network for UDP protocol

Noor Zuraidin Mohd Safar, Noryusliza Abdullah, Hazalila Kamaludin, Suhaimi Abd Ishak, Mohd Rizal Mohd Isa

Abstract


Developments in computer networking have raised concerns about the threat that botnets pose to Internet security. A botnet is a set of interconnected computers or nodes that are infected with malicious software and controlled as a group without the permission of the computers' owners. This paper explores how network traffic characterisation can be used to identify botnets on local networks. Analysing the characteristics, behaviour or patterns of a botnet in network traffic requires proper network analysis tools. Several network analysis tools available today are used for the analysis of the network traffic. In the analysis phase, botnet detection strategies based on the signature approach and the DNS anomaly approach are selected to identify the behaviour and characteristics of the botnet. In the anomaly approach, most of the behavioural and characteristic identification of the botnet is done by comparing normal and anomalous traffic. The network analysis focuses on UDP protocol network traffic. Based on the analysis of the network traffic, the following anomalies are identified: anomalous DNS packet requests, the NetBIOS attack, anomalous DNS MX queries, the DNS amplification attack and the UDP flood attack. This study identifies significant botnet characteristics in local network traffic for UDP networks as an additional approach for botnet detection mechanisms.

Keywords


Bot; Botmaster; Botnet; P2P; Peer to peer network; UDP; UDP botnet; UDP protocol



DOI: http://doi.org/10.11591/ijeecs.v18.i3.pp1584-1595



Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).
