计算机应用 ›› 2010, Vol. 30 ›› Issue (12): 3354-3356.

• Information Security •

P2P botnet detection method based on multi-stage filtering

刘丹1,李毅超2,胡跃2   

  1. 电子科技大学 (University of Electronic Science and Technology of China)
  2.
  • Received: 2010-05-17 Revised: 2010-07-12 Online: 2010-12-22 Published: 2010-12-01
  • Contact: 刘丹 (Liu Dan)

P2P-Botnet detection based on multi-stage filtration


Abstract (Chinese): A P2P botnet detection method based on flow analysis is proposed. First, non-P2P nodes are filtered out using the distributed and bursty characteristics of node connections. Then, based on the connection degree and traffic symmetry between pairs of P2P nodes, K-means clustering is applied to discover the individual P2P groups. Finally, whether a group is a P2P botnet is decided from the similarity of the flow behaviour of the nodes within it. Experiments in a LAN environment show that the method can effectively identify various P2P botnets and improves detection efficiency and accuracy.

Keywords (Chinese): P2P network, botnet, clustering, data flow, malicious behaviour, detection model

Abstract: A new method for detecting P2P botnets, based on the analysis of network flows, is presented. First, the burstiness and distributed nature of P2P traffic are used to separate P2P nodes from ordinary nodes. Then, based on the communication symmetry and cohesion of node pairs in a P2P network, the set of peers belonging to one P2P network is extracted with K-means clustering. Finally, by comparing the common behaviour of the peers within each P2P network, a P2P botnet is distinguished from benign P2P networks. Extensive experiments in a LAN environment verified the efficiency and precision of the proposed method.
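The three-stage pipeline the abstract describes, as an added toy example that is not the paper's code or data: stage 1 filters nodes by how many peers they contact and how bursty their connections are, stage 2 clusters node pairs with K-means and joins the pairs of one cluster into P2P groups, stage 3 flags a group whose members' flow behaviour is near-identical. It assumes constructed flow records, a single byte-symmetry feature in place of the paper's two-feature (connection degree, symmetry) clustering, and mean flow size as the behaviour-similarity measure; all thresholds are illustrative.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed flows (src, dst, bytes, second). b*: bot-like peers (symmetric, bursty,
# near-identical sizes); d*: file-sharing peers (bursty but lopsided); w1/srv: client/server.
B = "b1 b2 b3".split()
FLOWS = [(s, d, 500, 0) for s in B for d in B if s != d] + [
    ("b1", "b2", 520, 5), ("b2", "b1", 520, 5), ("b2", "b3", 520, 9), ("b3", "b2", 520, 9),
    ("b3", "b1", 520, 13), ("b1", "b3", 520, 13), ("w1", "srv", 100, 0), ("srv", "w1", 5000, 0),
    ("d1", "d2", 3000, 1), ("d2", "d1", 200, 1), ("d1", "d3", 3000, 1), ("d3", "d1", 200, 1),
    ("d2", "d3", 2800, 1), ("d3", "d2", 150, 1), ("d1", "d2", 3100, 7), ("d2", "d1", 180, 7),
    ("d2", "d3", 2900, 11), ("d3", "d2", 150, 11), ("d3", "d1", 200, 15), ("d1", "d3", 3000, 15)]

def p2p_nodes(flows, min_peers=2, min_burst=1.4):
    """Stage 1: keep nodes that talk to several peers and whose busiest second is well above their mean."""
    ends = [(a, b, t) for s, d, _, t in flows for a, b in ((s, d), (d, s))]
    peers = {n: {b for a, b, _ in ends if a == n} for n in {a for a, _, _ in ends}}
    per_sec = {n: Counter(t for a, _, t in ends if a == n) for n in peers}  # connections per second
    return {n for n, c in per_sec.items() if len(peers[n]) >= min_peers
            and max(c.values()) * len(c) / sum(c.values()) >= min_burst}

def kmeans_1d(xs, iters=20):
    """Two-centre K-means on a scalar feature; label 1 means nearer the higher centre."""
    lo, hi = min(xs), max(xs)
    for _ in range(iters):
        labels = [int(abs(x - hi) < abs(x - lo)) for x in xs]
        groups = [[x for x, l in zip(xs, labels) if l == k] for k in (0, 1)]
        lo, hi = (mean(g) if g else c for g, c in zip(groups, (lo, hi)))
    return labels

def p2p_groups(flows, nodes):
    """Stage 2: byte-symmetry per node pair, K-means on it, then join pairs that share a cluster."""
    vol = defaultdict(int)
    for s, d, b, _ in (f for f in flows if f[0] in nodes and f[1] in nodes):
        vol[(s, d)] += b
    pairs = sorted({tuple(sorted(k)) for k in vol})
    sym = [min(vol[(a, b)], vol[(b, a)]) / max(vol[(a, b)], vol[(b, a)]) for a, b in pairs]
    groups = []  # (cluster label, node set): connected components inside each cluster
    for (a, b), lab in zip(pairs, kmeans_1d(sym)):
        same = [g for g in groups if g[0] == lab and g[1] & {a, b}]
        groups = [g for g in groups if g not in same] + [(lab, {a, b}.union(*(g[1] for g in same)))]
    return [g for _, g in groups]

def is_botnet(flows, group, min_similarity=0.9):
    """Stage 3: bots run the same code, so their mean flow sizes agree; similarity = 1 - CV."""
    means = [mean(b for s, _, b, _ in flows if s == n) for n in group]
    return 1 - pstdev(means) / mean(means) >= min_similarity

def detect(flows):  # whole pipeline: P2P groups whose members behave alike enough to flag
    return [sorted(g) for g in p2p_groups(flows, p2p_nodes(flows)) if is_botnet(flows, g)]
```

On the constructed data the client/server nodes drop out in stage 1, both P2P groups survive stage 2, and only the symmetric, uniform-sized b* group is flagged in stage 3.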

Key words: P2P network, Botnet, clustering, data stream, malicious behavior, detection model