Abstract

Conference Title: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)
Conference Start Date: 2016, Nov. 21
Conference End Date: 2016, Nov. 23
Conference Location: Larnaca, Cyprus

One of the most serious cyber-security threats is the botnet. A bot runs in the background of the compromised machine and maintains communication with the C&C server to receive malicious commands; the botmaster uses the botnet to launch dangerous attacks. This paper addresses the problem of detecting P2P botnet flow records, as distinct from those of legitimate P2P applications, within NetFlow traces of network activity. We propose a technique that is capable of detecting a new P2P botnet at an early stage. This technique has been evaluated with a collection of real malicious and legitimate datasets. Our algorithm preprocesses the flow records and extracts features that differentiate botnet behavior from legitimate behavior. The results of our experiment show a high level of accuracy and a low false positive rate.
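The abstract only names the pipeline (preprocess NetFlow records, extract per-host features, separate bot-like from legitimate P2P behavior) without giving the paper's features. The following is an added illustration of that kind of pipeline, not the authors' code or feature set: the flow records, the feature choices (distinct peers, distinct destination ports, mean bytes, mean duration, share of very small flows) and the thresholds in `flag_suspicious` are all constructed assumptions chosen so that a legitimate file-sharing host with many peers but large transfers is not confused with a host that only exchanges tiny keep-alive-sized flows with many peers.

```python
"""Toy per-host feature extraction over NetFlow-style records.

Added example; the records below are constructed, not captured traffic,
and the features/thresholds are assumptions, not the paper's method.
"""
import csv
import io
from collections import defaultdict
from statistics import mean

# Constructed flow export with a typical field set:
# timestamp, src, sport, dst, dport, proto, packets, bytes, duration (s).
# 10.0.0.5  : ordinary client, few peers, large flows
# 10.0.0.12 : legitimate P2P file-sharing host, many peers, large flows
# 10.0.0.9  : hypothetical bot, many peers, tiny short flows
SAMPLE_FLOWS = """\
ts,src,sport,dst,dport,proto,packets,bytes,duration
1,10.0.0.5,40001,203.0.113.10,443,TCP,120,98000,30.0
2,10.0.0.5,40002,203.0.113.10,443,TCP,90,70000,25.0
3,10.0.0.5,40003,198.51.100.7,80,TCP,60,45000,12.0
4,10.0.0.12,50001,198.51.100.21,6881,TCP,400,512000,60.0
5,10.0.0.12,50002,198.51.100.22,6881,TCP,380,498000,58.0
6,10.0.0.12,50003,198.51.100.23,6881,TCP,410,530000,61.0
7,10.0.0.12,50004,198.51.100.24,6881,TCP,390,505000,59.0
8,10.0.0.12,50005,198.51.100.25,6881,TCP,405,520000,62.0
9,10.0.0.12,50006,198.51.100.26,6881,TCP,395,510000,57.0
10,10.0.0.9,51001,192.0.2.1,16471,UDP,3,300,0.5
11,10.0.0.9,51002,192.0.2.2,23119,UDP,2,210,0.3
12,10.0.0.9,51003,192.0.2.3,7742,UDP,4,390,0.8
13,10.0.0.9,51004,192.0.2.4,31337,UDP,3,280,0.4
14,10.0.0.9,51005,192.0.2.5,12004,UDP,2,190,0.3
15,10.0.0.9,51006,192.0.2.6,44821,UDP,3,310,0.6
"""


def parse_flows(text):
    """Preprocessing step: parse CSV flow records into typed dicts."""
    reader = csv.DictReader(io.StringIO(text))
    flows = []
    for row in reader:
        flows.append({
            "src": row["src"],
            "dst": row["dst"],
            "dport": int(row["dport"]),
            "proto": row["proto"],
            "packets": int(row["packets"]),
            "bytes": int(row["bytes"]),
            "duration": float(row["duration"]),
        })
    return flows


def host_features(flows, small_bytes=1000):
    """Feature extraction step: aggregate flows per source host.

    small_bytes is an assumed cut-off for 'tiny' flows.
    """
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)
    feats = {}
    for src, fl in by_src.items():
        feats[src] = {
            "n_flows": len(fl),
            "distinct_peers": len({f["dst"] for f in fl}),
            "distinct_dports": len({f["dport"] for f in fl}),
            "mean_bytes": mean(f["bytes"] for f in fl),
            "mean_duration": mean(f["duration"] for f in fl),
            "small_flow_ratio": sum(1 for f in fl if f["bytes"] < small_bytes) / len(fl),
        }
    return feats


def flag_suspicious(feats, min_peers=5, min_small_ratio=0.8):
    """Illustrative rule (assumed thresholds): many distinct peers AND
    almost all flows tiny. A learned classifier would replace this."""
    return sorted(
        host for host, v in feats.items()
        if v["distinct_peers"] >= min_peers and v["small_flow_ratio"] >= min_small_ratio
    )


if __name__ == "__main__":
    features = host_features(parse_flows(SAMPLE_FLOWS))
    for host, v in features.items():
        print(host, v)
    print("suspicious:", flag_suspicious(features))
```

Peer count alone would flag the legitimate file-sharing host as well as the bot; combining it with flow size and duration statistics is what separates the two in this toy, which is the same reason a feature set, rather than a single counter, is needed before any classifier is trained on real traces.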