Botnets are a common and serious threat to the Internet. The search for the infected nodes\nof a P2P botnet is affected by the number of commonly connected nodes, with a lower detection\naccuracy rate for cases with fewer commonly connected nodes. However, this paper calculates the\nMahalanobis distance-which can express correlations between data-between indirectly connected\nnodes through traffic with commonly connected nodes, and establishes a relationship evaluation\nmodel among nodes. An iterative algorithm is used to obtain the correlation coefficient between the\nnodes, and the threshold is set to detect P2P botnets. The experimental results show that this method\ncan effectively detect P2P botnets with an accuracy of >85% when the correlation coefficient is high,\neven in cases with fewer commonly connected nodes.
Loading....