Since most malwares are designed using decentralized architecture to resist detection and countering, in order to fast and accurately detect Peer-to-Peer (P2P) bots at the stealthy stage and minimize their destructiveness, a real-time detection system for stealthy P2P bots based on statistical features was proposed. Firstly, all the P2P hosts inside a monitored network were detected using means of machine learning algorithm based on three P2P statistical features. Secondly, P2P bots were discriminated based on two P2P bots statistical features. The experimental results show that the proposed system is able to detect stealthy P2P bots with an accuracy of 99.7% and a false alarm rate below 0.3% within 5 minutes. Compared to the existing detection methods, this system requires less statistical characteristics and smaller time window, and has the ability of real-time detection.

Active Queue Management plays an important role in the congestion control of network. In order to solve the problem that CHOKe algorithm cannot punish the non-responsive flows enough and the low accuracy, a new algorithm, LRU-CHOKe to penalize for non-responsive flows, was proposed in the paper. The algorithm did not only replace the CHOKe hit with LRU hit to improve the effectiveness of CHOKe hit, but also used queue hit to adaptively determine the number of packet loss. A new way of dropping packets to punish non-responsive flows was adopted. The simulation results show that LRU-CHOKe performs better than CHOKe in punishing non-responsive flows. As a result, the bandwidth allocation is realized more fairly.

With regard to the phenomena that Random Early Detection (RED) packet loss rate is high while the network congestion is not serious and vice versa, the congestion control algorithm of non-linear high-order RED was put forward to control the ineffectiveness of the network. The algorithm has established a high-order function model which has good congestion control ability. By using the non-linear control to mark or discard fragments with lower and higher probability near low and high threshold respectively, it can control average queue length effectively. Meanwhile, NS2 stimulation has verified that the algorithm is effective in improving the network performance.