Automated Simulation P2P Botnets Signature Detection by Rule-based Approach

Internet is a most salient services in communication. Thus, companies take this opportunity by putting critical resources online for effective business organization. This has given rise to activities of cyber criminals actuated by botnets. P2P networks had gained popularity through distributed applications such as file-sharing, web caching and network storage whereby it is not easy to guarantee that the file exchanged not the malicious in non-centralized authority of P2P networks. For this reason, these networks become the suitable venue for malicious software to spread. It is straightforward for attackers to target the vulnerable hosts in existing P2P networks as bot candidates and build their zombie army. They can be used to compromise a host and make it become a P2P bot. In order to detect these botnets, a complete flow analysis is necessary. In this paper, we proposed an automated P2P botnets through rule-based detection approach which currently focuses on P2P signature illumination. We consider both of synchronisation within a botnets and the malicious behaviour each bot exhibits at the host or network level to recognize the signature and activities in P2P botnets traffic. The rule-based approach have high detection accuracy and low false positive.